In multiuser environments it is very important to use shadow
passwords (provided by the shadow-utils
package). Doing so enhances the security of system authentication
files. For this reason, the installation program enables shadow
passwords by default.
The following lists the advantages pf shadow passwords have over the
traditional way of storing passwords on UNIX-based systems:
Improves system security by moving encrypted password hashes
from the world-readable /etc/passwd file to
/etc/shadow, which is readable only by the root
Stores information about password aging.
Allows the use the /etc/login.defs file to
enforce security policies.
Most utilities provided by the shadow-utils package
work properly whether or not shadow passwords are enabled. However,
since password aging information is stored exclusively in the
/etc/shadow file, any commands which create or
modify password aging information do not work.
The following is a list of commands which do not work without first
enabling shadow passwords: