Convert passwd to shadow

From LinuxServerTech



How do I enable shadow passwords on my Linux box?

The following is shamelessly stolen from http://www.linux.org/docs/ldp/howto/Security-HOWTO/q-and-a.html

To enable shadow passwords, run pwconv as root. /etc/shadow should then exist and be used by applications. If you are using RH 4.2 or above, the PAM modules will automatically adapt to the change from normal /etc/passwd to shadow passwords without any other change.

Some background: shadow passwords are a mechanism for storing your password in a file other than the normal /etc/passwd file. This has several advantages. The first is that the shadow file, /etc/shadow, is readable only by root, unlike /etc/passwd, which must remain readable by everyone. The other is that, as the administrator, you can enable or disable accounts without everyone knowing the status of other users' accounts.

The /etc/passwd file is then used to store user and group names, used by programs like /bin/ls to map the user ID to the proper user name in a directory listing.

The /etc/shadow file then only contains the user name and his/her password, and perhaps accounting information, like when the account expires, etc.
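A check you can run after pwconv, as an added example that is not part of the original page. It relies on pwconv leaving an `x` placeholder in the password field of /etc/passwd; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a passwd/shadow pair looks converted.

# Accounts whose passwd password field (field 2) is not the "x" placeholder.
unconverted_accounts() {   # $1 = passwd file
    awk -F: '$2 == "" { print $1 ": empty password field"; next }
             $2 != "x" { print $1 ": password field not shadowed" }' "$1"
}

# Accounts marked "x" in passwd that have no line in the shadow file.
missing_shadow_entries() { # $1 = passwd file, $2 = shadow file
    awk -F: 'FILENAME == ARGV[1] { seen[$1] = 1; next }
             $2 == "x" && !($1 in seen) { print $1 }' "$2" "$1"
}

# True if "other" has the read bit set on the shadow file.
shadow_world_readable() {  # $1 = shadow file
    [ -n "$(find "$1" -perm -004)" ]
}

# Constructed sample data (not real accounts or hashes).
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:$1$constructed$notARealHash:1000:1000::/home/alice:/bin/sh
bob::1001:1001::/home/bob:/bin/sh
carol:x:1002:1002::/home/carol:/bin/sh
EOF
cat > "$demo_dir/shadow" <<'EOF'
root:!:19000:0:99999:7:::
EOF
chmod 644 "$demo_dir/shadow"   # deliberately wrong for a shadow file

echo "Not converted:";     unconverted_accounts "$demo_dir/passwd"
echo "Missing in shadow:"; missing_shadow_entries "$demo_dir/passwd" "$demo_dir/shadow"
if shadow_world_readable "$demo_dir/shadow"; then
    echo "shadow file is world-readable"
fi
```

On a real system, call the functions as root with /etc/passwd and /etc/shadow instead of the sample files.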


Since you're interested in securing your passwords, perhaps you would also be interested in generating good passwords to begin with. For this you can use the pam_cracklib module, which is part of PAM. It runs your password against the Crack libraries to help you decide if it is too-easily guessable by password-cracking programs.