[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: No Shadow?!



On Wed, 11 Mar 1998, Gilad Ben-Yossef wrote:

> How bad is it when a real life system has the encrypted root password in
> /etc/passwd? or to put in other words, no shadow?
I'd say that most people get machines that don't implement shadow by
default. in fact I only know for certain that FreeBSD uses shadow with MD5
(not crypt, even) and Linux 4.x and up have it built into PAM. However
most users don't bother to use it, or even know it's there. On sun
machines it means recompiling way too many daemons and stuff. that means
GNU software, and that means people are afraid they will lose the support
of Sun.

then again, maybe people are plain lazy when it's "the workplace's
computer".

I use shadow on my firewall (even though it's not accesible from the
outside anyway!) but the internal net is all NIS, so no shadow...