Path: utzoo!utgpu!jarvis.csri.toronto.edu!clyde.concordia.ca!uunet!samsung!uakari.primate.wisc.edu!uflorida!haven!mimsy!mojo!stripes
From: stripes@eng.umd.edu (Joshua Osborne)
Newsgroups: comp.unix.questions
Subject: Re: passwds and crypt(3)...
Message-ID: <1990Jan2.224336.29990@eng.umd.edu>
Date: 2 Jan 90 22:43:36 GMT
References: <21913@adm.BRL.MIL>
Sender: news@eng.umd.edu (The News System)
Organization: Merriversity of Uniland, College Purgatory
Lines: 18

In article <21913@adm.BRL.MIL> mwood!attcc!hpn@att.att.com writes:
>I don't understand the meaning behind use the /etc/shadow file.  All it does
>is holds the encrypted passwords, right? (like, AkhjfuDe2,md )
>What's the use?
With the encrypted passwords in /etc/passwd anyone can read them and then try
to hack them.  When they are stored in a shadow file that file is normally
readable to root, or some passwd group.  That makes it mutch harder to get
at.  Of corse this makes it harder for both crackers, and people who want to
do something useful with them (i.e. xlock- a program that locks your X display
untill you type your password).  Every silver lineing has its cloud...
-- 
           stripes@wam.umd.edu          "Security for Unix is like
      Josh_Osborne@Real_World,The          Mutitasking for MS-DOS"
      "The dyslexic porgramer"                  - Kevin Lockwood
Einstein argued that there must be simplified explanations of nature, because
God is not capricious or arbitrary.  No such faith comforts the software
engineer.
- Fred Brooks, Jr.