Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Originally posted by markus1982 Well on RH 8.0 there is NO more /etc/shadow ... the passwords are stored also in /etc/passwd ... that sucks IMHO :tisk:
prolly cause you didn't enable shadow passwds. if RH stores all encrypted passwds in /etc/passwd then it's a HUGE step back in security, and just really lame on redhat's part.
Text-mode tool for setting up NIS and shadow passwords.
So but what happens if you create a kickstart file and choose (in the packages-section):
-authconfig
Then you get a system WITHOUT shadow-pwd ... although in the kickstart-file you can specify authconfig --useshadow or auth --useshadow before ... but it's just useless those settings if not installing authconfig ... as far as I can remember I don't think I had a similar prob with 7.3
Last edited by markus1982; 10-03-2002 at 05:54 PM.
Originally posted by nxny /etc/passwd has always been world-readable. Whether you store your encrypted password in it or not.
The RH system needs a lot of security tighting actions after the base install to secure the system. I wrote a kickstart system_configure script for that purpose in perl which is about 1000 lines currently!
Distribution: Red Hat 8.0, Slackware 8.1, Knoppix 3.7, Lunar 1.3, Sorcerer
Posts: 771
Rep:
Definitely! The password should be stored in /etc/shadow for security. But /etc/passwd has been world readable due to historic reasons -- back from the UNIX days -- when people didnt need to be as security conscious as we are today.
Would you share your script with us then, Markus?
red hat 8.0 does have shadowed passwords. It is enabled by default in the install. You would have to purposely uncheck it to take off shadowed passwords. There will always be a /etc/passwd file if you have shadowed passwords or not. if there is a /etc/shadow then you have shadowed passwords.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
Good luck!
