The Debian GNU/Linux FAQ
Chapter 14 - Changes expected in the next major release of Debian
14.1 Increased security
Debian contains support for shadow passwords since release 1.3. In addition,
the Linux library of Pluggable Authentication Modules (a.k.a.
allows sysadmins to choose authorization modes on an application-specific basis
is available, and initially set to authenticate via shadow password.
Including full support for advanced authentication methods such as Kerberos, as
well as additional security enhancements for mandatory access control
mechanisms such as SElinux, RSBAC and buffer overflow protection like
Exec-shield or PaX is still in progress.