On Fri, 31 Jul 1998, Eric Diwouta-Loth wrote:
> Hello,
> I've heard many and many times talkin about shadow passwords. I will like to know
>what is its meaning and its utilisayion
>
> Thanx,
>
> Eric
>
Normal passwords are placed in the /etc/passwd file. This file is readable
for everyone, so everyone can try to crack the passwords. To circumvent
this, modern systems use shadow passwords. In this case, the passwords are
stored in /etc/shadow, which can only be read by root. This means that you
have to try each possible password at a login prompt if you want to find
it, which takes a lot of time, whereas in a standard situation, you just
encrypt each possible password and see if it matches the entry in
/etc/passwd.
Frank
