Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!uwmcsd1!marque!uunet!mcvax!ukc!strath-cs!jim
From: jim@cs.strath.ac.uk (Jim Reid)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: shadow passwords?
Message-ID: <1260@stracs.cs.strath.ac.uk>
Date: 9 Nov 88 18:07:35 GMT
References: <8811080049.AA07509@gyre.umd.edu>
Reply-To: jim@cs.strath.ac.uk
Organization: Comp. Sci. Dept., Strathclyde Univ., Scotland.
Lines: 23

In article <8811080049.AA07509@gyre.umd.edu> chris@GYRE.UMD.EDU (Chris Torek) writes:
>.... a description of a 'shadow' (i.e. a dummy) password file
>
>The typical implementation is to rename the real password file
>/etc/passwd as something else (e.g., /etc/pw.shadow), and replace
>/etc/passwd with a copy that has the password field replaced with
>something unusable (`*').

A more sneaky approach would be to replace the password field with
something that looked like an encrypted password although it didn't
cipher into anything significant. If you did that, the bad guy would
waste his/her time on the usual password file attacks without getting
anywhere. Putting something unusable (like `*') as the encrypted
password would just tell the bad guy not to bother with that approach.
That may or may not be a good thing.

		Jim
--
ARPA:	jim%cs.strath.ac.uk@ucl-cs.arpa, jim@cs.strath.ac.uk
UUCP:	jim@strath-cs.uucp, ...!uunet!mcvax!ukc!strath-cs!jim
JANET:	jim@uk.ac.strath.cs

"JANET domain ordering is swapped around so's there'd be some use for rev(1)!"
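
The split described in the quoted text and the decoy variant suggested in the reply, as an added example that is not part of the original posts. It assumes seven-field passwd entries and classic 13-character DES crypt(3) fields; all function names and the sample entries are constructed for illustration.

```python
import secrets

# Assumption: classic DES crypt(3) fields, 2 salt + 11 hash chars over this alphabet.
CRYPT64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

# Constructed sample entries; the password fields are made-up strings, not real hashes.
SAMPLE = (
    "root:ab01234567892:0:0:Super User:/:/bin/csh\n"
    "daemon:*:1:1::/:\n"
    "jim:Xy.ABCDEFGHI6:100:10:Jim:/usr/jim:/bin/sh\n"
)

def looks_like_hash(field):
    return len(field) == 13 and all(c in CRYPT64 for c in field)

def decoy_field():
    """Random string shaped like a crypt(3) field, derived from no password."""
    body = "".join(secrets.choice(CRYPT64) for _ in range(12))
    # The last hash character encodes only 4 bits, so genuine fields end in
    # one of 16 characters; stay inside that set so the decoy is well-formed.
    return body + secrets.choice(CRYPT64[::4])

def split_passwd(text, decoy=False):
    """Return (public, shadow) contents for passwd-format text."""
    public = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"malformed passwd entry: {line!r}")
        # Every entry is rewritten, locked accounts included, so the public
        # copy reveals nothing about which accounts have a password.
        fields[1] = decoy_field() if decoy else "*"
        public.append(":".join(fields))
    return "\n".join(public) + "\n", text

def exposed_accounts(public, shadow):
    """Accounts whose real hash is still readable in the public copy."""
    real = dict(line.split(":")[:2] for line in shadow.splitlines())
    return [
        name
        for name, field in (l.split(":")[:2] for l in public.splitlines())
        if looks_like_hash(field) and field == real.get(name)
    ]
```

The shadow copy only protects anything if it is readable by root alone; `exposed_accounts` is the check to run against the world-readable file after the split.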