----- Original Message ----- 
From: "Rhys John" <[EMAIL PROTECTED]>
Sent: Thursday, December 18, 2003 5:44 AM
Subject: Re: master.passwd -- securing

> Both accounts are now active but i would like to remove the encrypted
> password from master.passwd and replace it with a *. Is this possible with
> "vipw"?
> Thanks for your reply hugle

In normal stand alone operation, no. It's not possible at all. There has to
be a password hash local to the machine. Now, if you're configured to use
another method of password storage as has been previously mentioned, that's
a different story. Although, best practice would be to have at least one
user account in wheel, and the root user with a valid login password. If
you're worried about someone viewing the master.passwd file and obtaining
the hash, don't. Only root, by default, can touch that file. If you have
someone that has breeched the system to the point they're able to open that
file, then the problem of them viewing the password hash is quite moot.


Micheal Patterson
TSG Network Administration

Confidentiality Notice:  This e-mail message, including any attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact the sender by reply e-mail and destroy all copies of the original

[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to