[H-GEN] passwd and shadow files
Ted Percival
ted at midg3t.net
Sat Dec 29 00:21:51 EST 2007
On Fri, 2007-12-28 at 20:20 -0500, Robert Brockway wrote:
> On Mon, 17 Dec 2007, Jason Parker-Burlingham wrote:
> > On Dec 16, 2007 9:24 PM, List Puppy <listpuppy at gmail.com> wrote:
> >> Is there a configuration file somewhere that tells the system, at boot
> >> time, to use a shadow file instead of the password file? If so;
> >> where, and, what is its name?
> >
> > It probably doesn't happen at boot time; my guess is that it's going
> > to be in the pam configuration for the authentication module being
> > used (probably "login").
> >
> > Looks like pam_unix.so is responsible for this, and one source I
> > looked at says that it auto-detects the presence of /etc/shadow.
>
> That's right. These days PAM is responsible for knowing about /etc/shadow
> (aka, the "shadow password suite") on Linux and many other OSes. Before
> PAM various utils had to know about shadow themselves.
>
> It's worth noting that it is the "x" in the password field in /etc/passwd
> which tells the system to look in /etc/shadow for a password even if
> shadow is enabled in PAM. It is possible[1] to copy a password from
> /etc/shadow back into /etc/password and have it work.
There are utilities for converting to and from shadow passwords, see
pwconv(8). Debian & derivatives also have a command called
`shadowconfig` for safely turning them on or off system-wide. But you
should always leave them enabled.
More information about the General
mailing list