6.5. Shadow Passwords
In multiuser environments it is very important to use shadow
passwords (provided by the shadow-utils
package). Doing so enhances the security of system authentication
files. For this reason, the Red Hat Linux installation program enables shadow
passwords by default.
The following is a list of advantages shadow passwords have over the old
way of storing passwords on UNIX-based systems.
Improves system security by moving encrypted password hashes
from the world-readable /etc/passwd file to
/etc/shadow, which is readable only by the root
user.
Stores information about password aging.
Allows the use the /etc/login.defs file to
enforce security policies.
Most utilities provided by the shadow-utils package
work properly whether or not shadow passwords are enabled. However,
since password aging information is stored exclusively in the
/etc/shadow file, any commands which create or
modify password aging information will not work.
Below is a list of commands which do not work without first enabling
shadow passwords:
