Shadow Passwords

It is considered a security risk to keep passwords in /etc/passwd because anyone with read access could run a cracking program on the file and obtain the passwords with little trouble. To avoid this risk, shadow passwords are used so that only an X appears in the password field of /etc/passwd; the real passwords are kept in /etc/shadow, a file that can only be read by the system administrator (and PAM, the Pluggable Authentication Modules authentication manager; see the “PAM Explained” sidebar for an explanation of PAM).

Special versions of the traditional password and login programs must be used to enable shadow passwords. Shadow passwords are automatically enabled during installation of Ubuntu. Examine the following abbreviated ...

Get Ubuntu Unleashed 2015 Edition: Covering 14.10 and 15.04, Tenth Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.