Web page hosting, cheap domain name & website promotion services
  

 Home
Red Hat Linux 7.2: The Official Red Hat Linux Reference Guide
PrevChapter 2. Users and GroupsNext

Shadow Utilities

If you are in a multiuser environment and not using a networked authentication scheme such as Kerberos, you should consider using Shadow Utilities (also known as shadow passwords) for the enhanced protection offered for your system's authentication files. During the installation of Red Hat Linux, shadow password protection for your system is enabled by default, as are MD5 passwords (an alternative and arguably more secure method of encrypting passwords for storage on your system).

Shadow passwords offer a few distinct advantages over the previous standard of storing passwords on UNIX and Linux systems, including:

  • Improved system security by moving the encrypted passwords (normally found in /etc/passwd) to /etc/shadow which is readable only by root

  • Information concerning password aging (how long it has been since a password was last changed)

  • Control over how long a password can remain unchanged before the user is required to change it

  • The ability to use the /etc/login.defs file to enforce a security policy, especially concerning password aging

The shadow-utils package contains a number of utilities that support:

  • Conversion from normal to shadow passwords and back (pwconv, pwunconv)

  • Verification of the password, group, and associated shadow files (pwck, grpck)

  • Industry-standard methods of adding, deleting and modifying user accounts (useradd, usermod, and userdel)

  • Industry-standard methods of adding, deleting, and modifying user groups (groupadd, groupmod, and groupdel)

  • Industry-standard method of administering the /etc/group file using gpasswd

NoteNote
 

There are some additional points of interest concerning these utilities:

  • The utilities will work properly whether shadowing is enabled or not.

  • The utilities have been slightly modified to support Red Hat's user private group scheme. For a description of the modifications, see the useradd man page. For more information on user private groups, turn to the section called User Private Groups.

  • The adduser script has been replaced with a symbolic link to /usr/sbin/useradd.

  • The tools in the shadow-utils package are not Kerberos, NIS, hesiod, or LDAP enabled. New users will be local only. For more information on Kerberos and LDAP, see Chapter 8 and Chapter 15.

PrevHomeNext
User Private GroupsUpBoot Process, Init, and Shutdown
 

 

 

 

Buy Cheap domains and domain register |  Cheap domain registration and transfer 

Disclaimer: For authoritative source or latest update to this documentation, please refer to http://www.redhat.com/docs/manuals/linux/

 

 
Quotes: As the ostrich when pursued hideth his head, but forgetteth his body; so the fears of a coward expose him to danger.No man likes to have his intelligence or good faith questioned, especially if he has doubts about it himself.