/etc/shadow equivalent without a source license!

William E. Davidsen Jr davidsen at steinmetz.ge.com
Tue Mar 7 05:28:03 AEST 1989


In article <9004 at alice.UUCP> debra at alice.UUCP () writes:

| Wait a minute... this is not a useful way to implement /etc/shadow.
| The idea of /etc/shadow is to have a publicly accessible /etc/passwd that
| does not contain the (encrypted) passwords. /etc/shadow only contains the
| login and encrypted passwords (and possibly some other secret stuff).
| It is to prevent password hacking that the password should be in the
| unreadable file. I don't see much use for your copy of /etc/passwd.
| Maybe you want to reconsider the whole idea?

  I don't understand this response at all. The proposal was for a file
(/etc/shadow) which would hold the real password and be readable only to
root, and the standard password file (/etc/password) which had the same
info with the password replaced by 'x'. This sounds like a totally
workable solution. I see no reason why having non-secret stuff in the
shadow file hurts anything...

  I just looked with a binary patch editor and found 4404 in the
/bin/passwd program. Now I'll create a small dummy filesystem, patch the
programs su, login, and passwd, and test under chroot. When I feel brave
I'll actually install them.

  Totally great idea. The files only have to be copied when a uid is
added/deleted, or comments, etc, are changed. Obviously chsh and friends
will have to change if you have them.

================ Maybe SCO could pick up this idea - HINT ================
-- 
	bill davidsen		(wedu at ge-crd.arpa)
  {uunet | philabs}!steinmetz!crdos1!davidsen
"Stupidity, like virtue, is its own reward" -me
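
The scheme discussed in the post above (a root-only /etc/shadow holding the full entries, and a public password file with the password field replaced by 'x'), as an added example that is not part of the original post or anyone's actual patch. All function names and sample entries are constructed for illustration, the hash strings are placeholders, and the demo writes only to a temporary directory.

```python
import os
import tempfile

# Constructed sample in the classic 7-field format; hashes are placeholders.
SAMPLE_MASTER = """\
root:CONSTRUCTEDHASH1:0:0:Super User:/:/bin/sh
bill:CONSTRUCTEDHASH2:201:50:Bill:/usr/bill:/bin/csh
guest::300:50:Guest:/usr/guest:/bin/sh
"""

def rows(text):
    """Split passwd-style text into lists of fields, skipping blank lines."""
    return [line.split(":") for line in text.splitlines() if line]

def split_master(master_text):
    """Return (public_text, shadow_text); the public copy carries 'x' only."""
    public, shadow = [], []
    for n, f in enumerate(rows(master_text), 1):
        if len(f) != 7:
            raise ValueError(f"entry {n}: expected 7 fields, got {len(f)}")
        shadow.append(":".join(f))
        public.append(":".join([f[0], "x"] + f[2:]))
    return "\n".join(public) + "\n", "\n".join(shadow) + "\n"

def leaked_hashes(public_text):
    """Logins whose public entry holds anything other than 'x'."""
    return [f[0] for f in rows(public_text) if f[1] != "x"]

def out_of_sync(public_text, shadow_text):
    """Logins whose non-password fields differ, or that exist in one file only."""
    pub = {f[0]: f[2:] for f in rows(public_text)}
    shd = {f[0]: f[2:] for f in rows(shadow_text)}
    return sorted(n for n in pub.keys() | shd.keys() if pub.get(n) != shd.get(n))

def write_file(path, text, mode):
    """Create the file with its final mode so it is never briefly world-readable."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)  # enforce the mode regardless of umask or an older file

if __name__ == "__main__":
    public, shadow = split_master(SAMPLE_MASTER)
    root = tempfile.mkdtemp()  # stand-in for a test filesystem
    write_file(os.path.join(root, "passwd"), public, 0o644)
    write_file(os.path.join(root, "shadow"), shadow, 0o600)
    print(public, end="")
    print("leaked:", leaked_hashes(public), "out of sync:", out_of_sync(public, shadow))
```

`out_of_sync` is the check to run after any edit that changes a uid, comment or shell in one file, since those are the cases where the two copies must be regenerated together.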



More information about the Comp.unix.questions mailing list