Re: shadow password

From: Stephen R Laniel (steve_at_laniels.org)
Date: 03/31/05

  • Next message: LeVA: "Re: shadow password" 
    Date: Thu, 31 Mar 2005 10:18:25 -0500
To: James Scott <jayscott0@gmail.com>

    On Wed, Mar 30, 2005 at 05:16:36PM -0600, James Scott wrote:
    > When I look at the /etc/shadow file, the password field is currently
    > an exclamation point (:!:). I understand that an asterisk (:*:) would
    > mean that the account is disabled, but I don't what the exclamation means?

    Shadow passwords may very well be disabled on your system.
    For various reasons [1], shadow passwords aren't always a
    good idea, and they're rather unnecessary if you use a
    strong hashing algorithm.

    Recall the point of shadow passwords: /etc/passwd used to
    contain a hashed version of the password, but then people
    realized that a lot of non-root programs had to have access
    to that file. So the actual password portion of the passwd
    file got pulled off into /etc/shadow, with /etc/passwd
    keeping the rest of the user information.

    But now if you use NIS, the hashed password has to go over
    your network anyway. So the shadow password is pointless
    there. Check out the man page for pwunconv(8) to see how you
    can move the hashed passwords back into /etc/passwd.
    pwconv(8) does the inverse: it creates a shadow password
    file out of /etc/passwd.

    As for creating a password for a new program: I guess I'm
    not sure what your concern is. In all likelihood no other
    program is using that account.

    [1] - http://shorl.com/gupraduletope 

    -- 
Stephen R. Laniel
steve@laniels.org
+(617) 308-5571
http://laniels.org/
-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
  • Next message: LeVA: "Re: shadow password"