[TriLUG] how to unshadow

Matt Hoover Matt.Hoover at haht.com
Mon Nov 4 13:41:01 EST 2002


> I guess I was wrong, but I thought that because of the Salt on the
> passwords and one-way encryption, that once they were shadowed the
> plaintext password could not be recovered?

Even when the passwords are stored in the /etc/passwd file, they are
hashed in the same way as in the shadow file.  The reasons to use a 
shadow file have to do with the additional per user information that 
is stored in the file, and the fact that the permissions on the file 
can be more restrictive.  IMHO you do not gain very much security 
by using a shadow file, and if you need the additional security, 
you should be using PAM, and one of more modern security systems 
(Kerberos, for example).
--matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.trilug.org/pipermail/trilug/attachments/20021104/e951de39/attachment.html>


More information about the TriLUG mailing list