What version of Fedora are you running here? In the lab we've got some Fedora 8 stuff and ssh was just a "turn this service on" type thing, I don't ever remember being asked about shadow tables or anything like that.
-Jay On Tue, Mar 18, 2008 at 2:04 PM, John Mort <[EMAIL PROTECTED]> wrote: > On Tue, Mar 18, 2008 at 9:52 AM, Mike Kershaw <[EMAIL PROTECTED]> wrote: > > On Tue, Mar 18, 2008 at 09:07:35AM -0400, John Mort wrote: > > > Poking around, I think I might have found the problem, but don't know > > > how to solve it. On a whim I checked /etc/passwd and /etc/shadow, > > > /etc/passwd didn't show anything useful but /etc/shadow shows all the > > > user accounts passwords in plain text, while the root password is > > > obviously encrypted. I've never (to my knowledge) used /etc/shadow, > > > but I'm guessing that ssh is checking this file and treating the > > > plaintext passwords as encrypted passwords, which would cause them to > > > not match up when it compares the encrypted version of what I'm > typing > > > in. > > > > Shadow has been around for about 10 years. It solves the problem that > a > > lot of nonprivved tools need to see the user accounts list, but > > shouldn't see the password list. Passwords in /etc/passwd are > > "shadowed" with 'x' in the pw field. The encrypted password is then > > kept in /etc/shadow, which should look like: > > > > dragorn:$ddsfcxcvZFdjhdfjhxjjDEDFJhdfjhdf0:13775:0:99999:7::: > > > > Shadow should definitely not show passwords in plaintext - that would > > indicate something has gone very wrong somewhere, I'm not even sure > > how you'd cause that to happen... > > > I just know that when I've been given the option at home to use shadow > tables, I've declined, wanting to keep things simpler until I had a > higher level of competency. > > With your confirmation that plaintext passwords in /etc/shadow are not > normal, I was able to do a bit of googlemancy and I think I know what > happened. > > It looks like the guy who set up the linux machines does everything in > root, because even his account is showing up in plaintext. I just > logged in as root and set myself up with a user account using the GUI > and my password is encrypted. So I'm guessing he probably used the > useradd command with the -p flag, which is supposed to be supplied > with an encrypted password, but he probably put the password itself > instead. At least, that's how I'm able to replicate it. > > I'm not even able to log in locally under his name (which makes > sense), so I'm betting he does everything as root and never noticed > the problem before. > > > -- > John D. Mort > http://john.mort.net > _______________________________________________ > Mid-Hudson Valley Linux Users Group http://mhvlug.org > http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug > Upcoming Meetings (6pm - 8pm) MHVLS Auditorium > Mar 5 - Wearable Linux Computing > Apr 2 - Building a Kernel the Debian / Ubuntu way > May 7 - Setting up a platform-independent home/small office network using > Linux > Jun 4 - TBD > Jul 2 - KVM (Tenative) > _______________________________________________ Mid-Hudson Valley Linux Users Group http://mhvlug.org http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug Upcoming Meetings (6pm - 8pm) MHVLS Auditorium Mar 5 - Wearable Linux Computing Apr 2 - Building a Kernel the Debian / Ubuntu way May 7 - Setting up a platform-independent home/small office network using Linux Jun 4 - TBD Jul 2 - KVM (Tenative)
