Re: shadow passwords?


Michael H. Warfield (galbp!wittsend.LBP.HARRIS.COM!mhw@gatech.edu)
11 Nov 88 17:35:35 GMT


In article <4871@pdn.UUCP> larry@pdn.UUCP (0000-Larry Swift) writes:
>In article <8811080049.AA07509@gyre.umd.edu> chris@GYRE.UMD.EDU (Chris Torek) writes:
>>..... Updates must happen to both files.

>Updates of what?? Passwords?

     Updates of anything. Passwords, userids, home directories, etc.

>You still haven't explained what use /etc/passwd is, especially if the
>passwords in it are unusable!

     The password file contains a lot more than just passwords. Users are
identified symbolically by many programs by symbolically relating their numerical
id with their login user name through the password file (say every time you
do a directory with ll). It provides the user's home directory for a wealth of
programs as well. Many of them do not need to see your encrypted password.
This shadow password file relates to the "orange book" security level C1.
(I think. I'm playing this one by memory so keep the flames to a dull roar.)
The idea is to restrict the password field to only those programs with
legitimate need. All other programs see the identical information in all fields
except the encrypted password.

     The password file is even used by mail and news when building the "From:"
entries so we know who sent these things; the full name in the "From:" field
comes from the comment (or GCOS) field in the password file (Yes, you can type
them in by hand, but who does?).

---
Michael	H. Warfield  (The Mad Wizard)	| gatech.edu!galbp!wittsend!mhw
  (404)	 270-2123 / 270-2098		| mhw@wittsend.LBP.HARRIS.COM
An optimist believes we	live in	the best of all	possible worlds.
A pessimist is sure of it!
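
An added example, not part of the original post: a small audit of the split the message describes, flagging hashes still readable in the public file and entries that fell out of sync because an update reached only one file. The account data, the function names and the "x" placeholder convention are assumptions made for illustration.

```python
# Added example; account data is constructed. Assumes "x" marks a shadowed entry.
PASSWD_SAMPLE = """\
larry:x:101:100:Larry Example:/home/larry:/bin/sh
chris:CONSTRUCTED-HASH-A:102:100:Chris Example:/home/chris:/bin/sh
guest::103:100:Guest Account:/home/guest:/bin/sh
mike:x:104:100:Mike Example:/home/mike:/bin/sh
"""
SHADOW_SAMPLE = """\
larry:CONSTRUCTED-HASH-B:7000::::::
olduser:CONSTRUCTED-HASH-C:7000::::::
"""
FIELDS = ("name", "passwd", "uid", "gid", "gecos", "home", "shell")

def parse_passwd(text):
    """Map login name -> dict of the seven colon-separated passwd fields."""
    entries = {}
    for line in filter(str.strip, text.splitlines()):
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            raise ValueError(f"malformed passwd line: {line!r}")
        entries[parts[0]] = dict(zip(FIELDS, parts))
    return entries

def parse_shadow(text):
    """Map login name -> password field of each shadow-style line."""
    rows = (line.split(":") for line in filter(str.strip, text.splitlines()))
    return {row[0]: row[1] for row in rows}

def audit(passwd_text, shadow_text):
    """Report hashes left world-readable and entries out of sync."""
    passwd, shadow = parse_passwd(passwd_text), parse_shadow(shadow_text)
    findings = []
    for name, entry in passwd.items():
        if entry["passwd"] == "":
            findings.append((name, "empty password field"))
        elif entry["passwd"] != "x":
            findings.append((name, "hash readable in passwd"))
        elif name not in shadow:
            findings.append((name, "missing from shadow"))
    findings += [(n, "orphan shadow entry") for n in shadow if n not in passwd]
    return findings

def from_header(passwd_text, name, host):
    """Build a From: line using only the name and GECOS fields."""
    gecos = parse_passwd(passwd_text)[name]["gecos"]
    return f"From: {name}@{host} ({gecos})"

if __name__ == "__main__":
    print(*audit(PASSWD_SAMPLE, SHADOW_SAMPLE), sep="\n")
```

`from_header` reads only the public file, which is the case the message makes for keeping it world-readable once the hashes have moved.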


