[14] in linux-security and linux-alert archive
Re: Shadow Passwords?
daemon@ATHENA.MIT.EDU (Ed Beaumont)
Mon Mar 6 15:10:53 1995
From: Ed Beaumont <morlok@abyss.apana.org.au>
To: linux-security@tarsier.cv.nrao.edu
Date: Tue, 7 Mar 1995 05:03:52 +0000 (GMT)
In-Reply-To: <199503061750.MAA02242@portal.stwing.upenn.edu> from "Roman Gollent" at Mar 6, 95 12:50:08 pm
Reply-To: linux-security@tarsier.cv.nrao.edu
>
> > One of the most common hacker techniques is grabbing your /etc/passwd and
> > running it against a dictionary. This only reveals poorly chosen
> > passwords, but should not be possible at all. Shadow passwords defeat this.
>
> [SNIP] <For the sake of brevity>
>
> I was wondering if there was ever going to be a move to make shadowing
> a standard, ie: Have all distributions come with shadowing by
> default. Since there are many other Un*x os that come with shadowing
> turned on, why can't the same be done for Linux distributions, or at
> least the popular ones? This isn't a criticism, just an open question.
If I remember right this was discussed awhile ago, but was the writer
of the shadow password package didnt want it distributed in part.
In any case, the package itself is very easy to install and requires
very little interaction from the user to install. (You just have
to peruse throught the config.h to decide what you would like to
have. ) This is of course if you apply the linux patches to the
3.3.1 source tree. (They are available on sunsite.).
--
Morlok (Ed Beaumont) ----------------- UUCP Coordinator - APANA Brisbane
"The Eagle may soar, but a weasel | (uucpmaster@brisbane.apana.org.au)
never gets sucked into a jet engine" | System Operator of Abyss APANA Site
Simon & Simon + (morlok@abyss.apana.org.au)
--
[Moderator's (Jeff's) note: This should pretty much finish this thread
off. Further discussion of shadow passwords should go to the admin (or
a similar) list, or to a c.o.l.* group, unless the discussion relates to
a *security* portion of shadow, such as a previously-undetected
vulnerability.]
