[23] in linux-security and linux-alert archive
Re: Shadow Passwords?
daemon@ATHENA.MIT.EDU (Daniel Hollis)
Mon Mar 6 20:18:02 1995
From: dhollis@hq.jcic.org (Daniel Hollis)
To: linux-security@tarsier.cv.nrao.edu
Date: Mon, 6 Mar 1995 13:10:59 -0800 (PST)
In-Reply-To: <199503061750.MAA02242@portal.stwing.upenn.edu> from "Roman Gollent" at Mar 6, 95 12:50:08 pm
Reply-To: linux-security@tarsier.cv.nrao.edu
> > One of the most common hacker techniques is grabbing your /etc/passwd and
> > running it against a dictionary. This only reveals poorly chosen
> > passwords, but should not be possible at all. Shadow passwords defeat this.
> [SNIP] <For the sake of brevity>
>
> I was wondering if there was ever going to be a move to make shadowing
> a standard, i.e., have all distributions come with shadowing by
> default. Since there are many other Un*x OSes that come with shadowing
> turned on, why can't the same be done for Linux distributions, or at
> least the popular ones? This isn't a criticism, just an open question.
I think the reason shadow passwords are not included in any of the Linux
distributions is that the shadow suite requires licensing if it's to be
included in commercial distributions. But it is available for anyone to
ftp freely and install themselves.
(Kind of like the yp suite which requires licensing from Sun?)
-Dan
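
An added example, not part of the original message or thread: a small audit that checks whether a passwd-format file still exposes password hashes to every local user, which is the condition shadow passwords remove. The sample entries and the function names `audit_passwd` and `shadow_mode_ok` are constructed for illustration.

```python
import stat

# Constructed sample in passwd(5) layout: name:password:uid:gid:gecos:home:shell
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
alice:abJnggxhB/yWI:1001:100:Alice:/home/alice:/bin/sh
bob:*:1002:100:Bob:/home/bob:/bin/sh
carol::1003:100:Carol:/home/carol:/bin/sh
+::::::
broken line with no separators
"""

# Password-field values that carry no hash: "x" (shadowed) or a bare lock marker.
PLACEHOLDERS = {"x", "*", "!", "!!"}


def audit_passwd(text):
    """Return (line_number, user, finding) for entries that should not be in a world-readable file."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line[0] in "+-":
            continue  # blank line or NIS compat entry, resolved elsewhere
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((number, None, "malformed"))
        elif fields[1] == "":
            findings.append((number, fields[0], "empty-password"))
        elif fields[1] not in PLACEHOLDERS:
            # Anything else is a hash readable by every local user.
            findings.append((number, fields[0], "hash-exposed"))
    return findings


def shadow_mode_ok(mode):
    """True when the shadow file grants nothing to 'other' and no write to 'group'."""
    return (mode & (stat.S_IRWXO | stat.S_IWGRP)) == 0


if __name__ == "__main__":
    for finding in audit_passwd(SAMPLE_PASSWD):
        print(finding)
    print(shadow_mode_ok(0o640), shadow_mode_ok(0o644))
```

On a live system, pass the contents of `/etc/passwd` to `audit_passwd` and `os.stat("/etc/shadow").st_mode` to `shadow_mode_ok`.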