passwds and crypt(3)...

Joshua Osborne stripes at eng.umd.edu
Wed Jan 3 09:43:36 AEST 1990


In article <21913 at adm.BRL.MIL> mwood!attcc!hpn at att.att.com writes:
>I don't understand the meaning behind use the /etc/shadow file.  All it does
>is holds the encrypted passwords, right? (like, AkhjfuDe2,md )
>What's the use?
With the encrypted passwords in /etc/passwd anyone can read them and then try
to hack them.  When they are stored in a shadow file that file is normally
readable to root, or some passwd group.  That makes it mutch harder to get
at.  Of corse this makes it harder for both crackers, and people who want to
do something useful with them (i.e. xlock- a program that locks your X display
untill you type your password).  Every silver lineing has its cloud...
-- 
           stripes at wam.umd.edu          "Security for Unix is like
      Josh_Osborne at Real_World,The          Mutitasking for MS-DOS"
      "The dyslexic porgramer"                  - Kevin Lockwood
Einstein argued that there must be simplified explanations of nature, because
God is not capricious or arbitrary.  No such faith comforts the software
engineer.
- Fred Brooks, Jr.



More information about the Comp.unix.questions mailing list