Most versions of Linux come with the shadow password suite of software already installed. This suite of software is recommended to enhance security since all users must be able to access the /etc/passwd file. With full access to this file, a "crack" program can be used by any user to extract all passwords on the system. The shadow password software places the actual encrypted passwords into the /etc/shadow file making this file readable only by the root user. If your system has the file /etc/shadow, you probably already have shadow passwords installed.
Linux Shadow Passwords
If your system did not come with shadow passwords and you are going to install it you will want to read the Shadow-Password-HOWTO and roughly do the following.
- Find the latest shadow password suite that will work on your system
- Backup a copy of your files listed above that the shadow password suite will replace.
- Install the shadow password suite.
- Remove old man pages that may interfere with you seeing the correct replacement man pages that came with the shadow password suite.
- run pwconv which creates /etc/npasswd and /etc/nshadow
- Backup /etc/passwd and copy the files /etc/npasswd and /etc/nshadow to /etc/passwd and /etc/shadow respectively.
- Be sure the /etc/shadow and /etc/passwd owners and permissions are the same as shown in listings in this manual.
- Verify you can login
- When you are sure the system runs OK, remove backup files such as the backed up copy of /etc/passwd.
- You may need to upgrade your xlock program to get X working. xlock is the screen saver used to lock the screen.
- xdm presents the login screen for X. You may need to upgrade xdm.