In multiuser environments it is very important to use shadow passwords (provided by the shadow-utils package). Doing so enhances the
security of system authentication files. For this reason, the
installation program enables shadow passwords by default.
The following lists the advantages pf shadow passwords have over
the traditional way of storing passwords on UNIX-based systems:
-
Improves system security by moving encrypted password hashes
from the world-readable /etc/passwd file
to /etc/shadow, which is readable only by
the root user.
-
Stores information about password aging.
-
Allows the use the /etc/login.defs
file to enforce security policies.
Most utilities provided by the shadow-utils package work properly whether or not
shadow passwords are enabled. However, since password aging
information is stored exclusively in the /etc/shadow file, any commands which create or
modify password aging information do not work.
The following is a list of commands which do not work without
first enabling shadow passwords:
