
Re: shadow password



On Wed, Mar 30, 2005 at 05:16:36PM -0600, James Scott wrote:
> When I look at the /etc/shadow file, the password field is currently
> an exclamation point (:!:).  I understand that an asterisk (:*:) would
> mean that the account is disabled, but I don't know what the exclamation means?

Shadow passwords may very well be disabled on your system.
For various reasons [1], shadow passwords aren't always a
good idea, and they're rather unnecessary if you use a
strong hashing algorithm.

Recall the point of shadow passwords: /etc/passwd used to
contain a hashed version of the password, but then people
realized that a lot of non-root programs had to have access
to that file. So the actual password portion of the passwd
file got pulled off into /etc/shadow, with /etc/passwd
keeping the rest of the user information.

But now if you use NIS, the hashed password has to go over
your network anyway. So the shadow password is pointless
there. Check out the man page for pwunconv(8) to see how you
can move the hashed passwords back into /etc/passwd.
pwconv(8) does the inverse: it creates a shadow password
file out of /etc/passwd.

As for creating a password for a new program: I guess I'm
not sure what your concern is. In all likelihood no other
program is using that account.

[1] - http://shorl.com/gupraduletope

-- 
Stephen R. Laniel
steve@laniels.org
+(617) 308-5571
http://laniels.org/
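
Added example, not part of the original message: the Python below applies the password-field rules from passwd(5) and shadow(5) to two constructed sample files, reporting which file holds each account's field and what its value means. The account names, hashes and function names are assumptions made for the illustration.

```python
import string

# Constructed sample files (illustrative accounts and hashes, not real data).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
legacy:$1$abcdefgh$0123456789abcdefghijkl:1001:1001::/home/legacy:/bin/sh
newapp:x:1002:1002::/home/newapp:/bin/sh
"""
SAMPLE_SHADOW = """\
root:$6$saltsalt$hashhashhash:12872:0:99999:7:::
newapp:!:12872:0:99999:7:::
"""
DES_CHARS = set(string.ascii_letters + string.digits + "./")

def looks_like_hash(s):
    """True for a modular crypt string ($id$...) or a 13-char DES crypt."""
    return s.startswith("$") or (len(s) == 13 and set(s) <= DES_CHARS)

def field_state(field):
    """Classify a password field following passwd(5) and shadow(5)."""
    if field == "":
        return "empty"                      # no password required
    if looks_like_hash(field):
        return "hash"
    if field.startswith("!") and looks_like_hash(field.lstrip("!")):
        return "locked-hash"                # hash kept, password locked
    return "no-password-login"              # "!", "*", "!!": matches no hash

def audit(passwd_text, shadow_text):
    """Map each user to (file holding the field, state of the field)."""
    shadow = dict(l.split(":")[:2] for l in shadow_text.splitlines() if ":" in l)
    report = {}
    for line in passwd_text.splitlines():
        if ":" not in line:
            continue
        user, field = line.split(":")[:2]
        if field == "x":                    # placeholder: look in shadow
            state = field_state(shadow[user]) if user in shadow else "missing-entry"
            report[user] = ("shadow", state)
        else:
            report[user] = ("passwd", field_state(field))
    return report

def exposed_hashes(report):
    """Users whose hash sits in world-readable /etc/passwd."""
    return sorted(u for u, (where, state) in report.items()
                  if where == "passwd" and state in ("hash", "locked-hash"))
```

Calling `audit()` on the real `/etc/passwd` and `/etc/shadow` contents requires root to read the latter; `exposed_hashes()` lists accounts that `pwconv(8)` would move into the shadow file.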


