[20] in linux-security and linux-alert archive
Re: Shadow Passwords?
daemon@ATHENA.MIT.EDU (Kyriakos Georgiou)
Mon Mar 6 20:17:30 1995
From: Kyriakos Georgiou <kg@mykonos.rc.rit.edu>
To: linux-security@tarsier.cv.nrao.edu
Date: Mon, 6 Mar 1995 15:05:38 -0500 (EST)
In-Reply-To: <m0rlWAh-000xA5C@hq.jcic.org> from "Daniel Hollis" at Mar 5, 95 10:21:33 pm
Reply-To: linux-security@tarsier.cv.nrao.edu
Point well taken about shadow passwds, but..
Lots of existing programs/utilities rely on the 'normal' /etv/passwd
I guess the drawback of shadow'ing is the need of shadow-aware
daemons/programs.
A cute solution is a smarter 'passwd' program (don't allow dictionary
words, follow simple rules which make brute force cracking impossible,
yet such passwd restrictions may be unacceptable by users :-)
--
Kyriakos Georgiou
kg@mykonos.rc.rit.edu
--
[Moderator's (Jeff's) note: I had originally thought that the shadow
discussion should end a few posts ago, but since there seem to be a lot
of people that want to discuss the subject (judging by the number and
variety of followup responses), it will continue at the obvious desire
of a number of people on the list.]
