Re: shadow passwords?

Chris Torek (
Mon, 7 Nov 88 19:49:20 EST

It seems the phrase `shadow password file' is not well known, so here
is a definition:

It means the encrypted passwords themselves (and any other `sensitive'
information) are not kept in /etc/passwd, which is readable by everyone,
but rather in some other file that is not readable except by root
(and/or by other privilege of your choice). The typical implementation
is to rename the real password file /etc/passwd as something else
(e.g., /etc/pw.shadow), and replace /etc/passwd with a copy that has
the password field replaced with something unusable (`*'). Programs
that really need a user's password run privileged, and are changed to
refer to the shadow file; others use the usual file, but have no access
to the encrypted password. Updates must happen to both files.

(The phrase comes about from the fact that /etc/passwd is---or has,
depending on your point of view---a `shadow' thrown by another file.)
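
An audit of the arrangement described in the message above, as an added example that is not part of the original post: it checks that the public file carries only the `*` placeholder, that the shadow file is not world-readable, and that the two files have not drifted apart after a one-sided update. The function names, file names and sample entries (including the hash strings) are constructed for illustration.

```python
import os
import stat
import tempfile

UNUSABLE = "*"  # placeholder the post puts in the public password field


def blank_passwords(lines):
    """Return the entries with field 2 (the password) replaced by UNUSABLE."""
    out = []
    for line in lines:
        fields = line.split(":")
        fields[1] = UNUSABLE
        out.append(":".join(fields))
    return out


def read_entries(path):
    with open(path) as f:
        return [l.rstrip("\n") for l in f if ":" in l]


def audit(public_path, shadow_path):
    """Return a list of findings; an empty list means the pair looks sound."""
    findings = []
    if os.stat(shadow_path).st_mode & stat.S_IROTH:
        findings.append("shadow file is world-readable")
    public, shadow = read_entries(public_path), read_entries(shadow_path)
    for line in public:
        name, pw = line.split(":")[:2]
        if pw != UNUSABLE:
            findings.append("public file exposes password field for " + name)
    if blank_passwords(public) != blank_passwords(shadow):
        findings.append("files differ outside the password field")
    return findings


def demo():
    """Audit a constructed file pair, then again after a one-sided update."""
    shadow = ["root:AbCdEfGhIjKlM:0:0:Operator:/:/bin/sh",      # made-up hashes
              "alice:NoPqRsTuVwXyZ:101:10:Alice:/home/alice:/bin/sh"]
    with tempfile.TemporaryDirectory() as d:
        spath, ppath = os.path.join(d, "pw.shadow"), os.path.join(d, "passwd")
        for path, lines, mode in ((spath, shadow, 0o600),
                                  (ppath, blank_passwords(shadow), 0o644)):
            with open(path, "w") as f:
                f.write("\n".join(lines) + "\n")
            os.chmod(path, mode)
        clean = audit(ppath, spath)
        os.chmod(spath, 0o644)                      # mode loosened by mistake
        with open(ppath, "a") as f:                 # update applied to one file only
            f.write("bob:*:102:10:Bob:/home/bob:/bin/sh\n")
        return clean, audit(ppath, spath)
```

Only the world-read bit is flagged on the shadow file, since the post allows access by another privilege of the administrator's choice, such as a dedicated group.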

