
[newbie] Shadow passwords on rhl5.2



Hi.

I'm in charge of my school's webserver (running rhl5.2).
Lately a suggestion was made to let students and teachers have accounts
by request,
in order to maintain their home pages,
and "experience unix". :-)

Anyway,
for that matter I decided it's time to boost security up a notch,
starting with shadow passwords.
I'm afraid many "cracker-wannabes" will get the /etc/passwd file,
and use a cracker to extract passwords out of it (possibly root the
server).

So naturally I checked the shadow passwords howto.
However, it is outdated and assumes that distributions do not come with
shadow passwords.
Redhat, however, seems to have shadow, since a man page can be found (2
of them actually).

So, my question is,
how do I set shadow passwords on redhat?
Do I need to get shadow-utils, compile and install,
or will it fuck up the existing shadow, and make a big mess?
I want to do it smooth and clean.

Another question is,
should I bother?
Is it that easy to extract passwords out of /etc/passwd?
(no dictionary words, gibberish password)
From how I understood it, /etc/passwd contains the "salt" and thus
decryption of the password is rather easy.
But is it a long process?

Another question is,
what other things should I do to secure the box?
(which is basically a rhl5.2 with 2.2.0 kernel)
The students are pretty dumb (understatement) regarding unix, cracking,
etc.
(they think backorifice/netbus is hacking)
But passwd crackers and security exploits can be found anywhere on warez
sites, and such.
Do I need to worry?

-- 

There are no big words, just little people.