On Mon, Sep 08, 2003 at 05:45:32PM +0200, Heribert Slama wrote:
> On Mon, 8 Sep 2003 12:56:29 +0100, in gmane.linux.gentoo.user, Mike
> Williams <[EMAIL PROTECTED]> wrote:
>
> >[......]
> >PAM and Shadow are part of system, so can't be removed easily anyway.
>
> Can you please give a hint what this "Shadow" thing means.

In traditional Unix password systems, everything is in the /etc/passwd
file: user name, password hash, ID, primary group, home directory, shell,
etc. Because programs like 'ls -l' need access to this file in order to do
user ID to user name mapping, the /etc/passwd file must be world readable.
This means that the hashes are world readable.

In a 'shadow' password system, the password hashes (and information such
as when the password expires) are moved into the /etc/shadow file instead,
and the rest of the information is kept in /etc/passwd. This way, while
the passwd file has to be world readable, the hashes are in the root-only
shadow file. Hence, nobody but root can get access to the hashes to try
running dictionary cracker programs on them.

It bumps the level of security up a little by requiring root access to
get at the most sensitive information in there.

> When I modify a user entry with KDE's User Management and finally
> save the changes, I get warning dialogs (something like "no shadow
> entry for user <user>") for _every_ user and have to click them
> away;-(

This is because the passwd and shadow files have to be kept in sync,
with the same lines in both. Every time you create a new user, it has to
create a new entry in both passwd and shadow files. Once the entry in the
shadow file exists, though, you shouldn't keep getting these.

---------------------------+---------------------------------------------------
Bryan Feir           VA3GBF|"A half-truth, like a half-brick, is more forcible
Home:[EMAIL PROTECTED]     | in an argument than a whole one...
                           | it carries further." -- Stephen Leacock
---------------------------+---------------------------------------------------
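
The sync requirement described in the reply above, as an added example that is not part of the original message: a Python check that compares passwd and shadow content and reports accounts with no shadow line, hashes still sitting in the world-readable passwd file, and shadow lines with no passwd line. The function names and both sample files are constructed for illustration.

```python
# Added example: cross-check passwd(5) and shadow(5) content for sync problems.
# Both samples are constructed for illustration; they are not from a real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
carol:CONSTRUCTEDHASH:1002:1002:Carol:/home/carol:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$6$salt$CONSTRUCTED:12300:0:99999:7:::
alice:$6$salt$CONSTRUCTED:12300:0:99999:7:::
carol:!:12300:0:99999:7:::
dave:!:12300:0:99999:7:::
"""


def parse(text, min_fields):
    """Return {user: fields} for well-formed colon-separated lines."""
    entries = {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.strip() and len(fields) >= min_fields:
            entries[fields[0]] = fields
    return entries


def audit(passwd_text, shadow_text):
    """List (user, problem) pairs where the two files disagree."""
    passwd = parse(passwd_text, 7)   # name:passwd:uid:gid:gecos:home:shell
    shadow = parse(shadow_text, 2)   # name:hash:... (aging fields follow)
    findings = []
    for user, fields in passwd.items():
        marker = fields[1]
        if marker == "x" and user not in shadow:
            # 'x' defers to /etc/shadow, but no line exists there
            findings.append((user, "no shadow entry"))
        elif marker not in ("x", "*", "!", ""):
            # a hash left in the world-readable file defeats shadowing
            findings.append((user, "hash in passwd"))
    for user in shadow:
        if user not in passwd:
            findings.append((user, "shadow entry without passwd entry"))
    return findings


if __name__ == "__main__":
    for user, problem in audit(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{user}: {problem}")
```

On a live system /etc/shadow is readable only by root, so a check like this has to run as root; the shadow suite's `pwck` performs this kind of verification on the real files.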