Shadow Passwords

It is considered a security risk to keep passwords in /etc/passwd because anyone with read access could run a cracking program on the file and obtain the passwords with little trouble. To avoid this risk, shadow passwords are used so that only an X appears in the password field of /etc/passwd; the real passwords are kept in /etc/shadow, a file that can only be read by the system administrator (and PAM, the Pluggable Authentication Modules authentication manager; see the “PAM Explained” sidebar for an explanation of PAM).

Special versions of the traditional password and login programs must be used to enable shadow passwords. Shadow passwords are automatically enabled during installation of Ubuntu. Examine the following abbreviated ...

Get Ubuntu Unleashed 2013 Edition: Covering 12.10 and 13.04, Eighth Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.