It is considered a security risk to keep passwords in
/etc/passwd because anyone with read access could run a cracking program on the file and obtain the passwords with little trouble. To avoid this risk, shadow passwords are used so that only an X appears in the password field of
/etc/passwd; the real passwords are kept in
/etc/shadow, a file that can only be read by the system administrator (and PAM, the Pluggable Authentication Modules authentication manager; see the “PAM Explained” sidebar for an explanation of PAM).
Special versions of the traditional
login programs must be used to enable shadow passwords. Shadow passwords are automatically enabled during installation of Ubuntu. Examine the following abbreviated ...