author | Alex Gronenwoud <alex@linuxfromscratch.org> | 2004-02-07 10:48:44 +0000 |
---|---|---|
committer | Alex Gronenwoud <alex@linuxfromscratch.org> | 2004-02-07 10:48:44 +0000 |
commit | c21999c677ff9383c9e1220675f76658a1d42438 (patch) | |
tree | 1a27e318e12c05ee32c00a99e53a50768da077ee /chapter06 | |
parent | 5b0dd3a11dc2409ba4ea26ef6d9641e1204f1d29 (diff) |
Brushing up the Shadow page.
git-svn-id: http://svn.linuxfromscratch.org/LFS/trunk/BOOK@3233 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689
Diffstat (limited to 'chapter06')
-rw-r--r-- | chapter06/shadow.xml | 74 |
1 files changed, 37 insertions, 37 deletions
diff --git a/chapter06/shadow.xml b/chapter06/shadow.xml index 69aaf0150..5d4c12a61 100644 --- a/chapter06/shadow.xml +++ b/chapter06/shadow.xml @@ -16,14 +16,14 @@ way.</para> <sect2> <title>Installation of Shadow</title> -<para>Shadow hard-wires the path to the <command>passwd</command> binary -within the binary itself, but does this the wrong way. If a -<command>passwd</command> binary is not present before installing Shadow, -the package incorrectly assumes it is going to be located at -<filename>/bin/passwd</filename>, but then installs it in -<filename>/usr/bin/passwd</filename>. This will lead to errors about not finding -<filename>/bin/passwd</filename>. To work around this bug, create a dummy -<filename>passwd</filename> file, so that it gets hard-wired properly:</para> +<para>Shadow hard-wires the path to the <command>passwd</command> binary within +the binary itself, but does this the wrong way. If a <command>passwd</command> +binary is not present before installing Shadow, the package incorrectly assumes +it is going to be located at <filename>/bin/passwd</filename>, but then +installs it as <filename>/usr/bin/passwd</filename>. This will lead to errors +about not finding <filename>/bin/passwd</filename>. To work around this bug, +create a dummy <filename>passwd</filename> file, so that it gets hard-wired +properly:</para> <screen><userinput>touch /usr/bin/passwd</userinput></screen> 
@@ -49,21 +49,20 @@ system. Install these two config files:</para> <screen><userinput>cp etc/{limits,login.access} /etc</userinput></screen> -<para>We want to change the password method to enable MD5 passwords which are -theoretically more secure than the default crypt method and also allow -password lengths greater than 8 characters. We also need to change the old -<filename class="directory">/var/spool/mail</filename> location for user -mailboxes to the current location at -<filename class="directory">/var/mail</filename>. We do this by changing the -relevant configuration file while copying it to its destination:</para> - -<screen><userinput>sed -e 's%/var/spool/mail%/var/mail%' \ - -e 's%#MD5_CRYPT_ENAB.no%MD5_CRYPT_ENAB yes%' \ +<para>Instead of using the default <emphasis>crypt</emphasis> method, we want +to use the more secure <emphasis>MD5</emphasis> method of password encryption, +which in addition allows passwords longer than 8 characters. We also need to +change the obsolete <filename class="directory">/var/spool/mail</filename> +location for user mailboxes that Shadow uses by default to the <filename +class="directory">/var/mail</filename> location used nowadays. We accomplish +both these things by changing the relevant configuration file while copying it +to its destination (it's probably better to cut-and-paste this rather than try +and type it all in):</para> + +<screen><userinput>sed -e 's%#MD5_CRYPT_ENAB.no%MD5_CRYPT_ENAB yes%' \ + -e 's%/var/spool/mail%/var/mail%' \ etc/login.defs.linux > /etc/login.defs</userinput></screen> -<note><para>Be extra careful when typing all of the above. It is probably safer -to cut-and-paste it rather than try and type it all in.</para></note> - <para>Move some misplaced symlinks to their proper locations:</para> <screen><userinput>mv /bin/sg /usr/bin 
@@ -85,8 +84,8 @@ directory for it to work properly:</para> <screen><userinput>mkdir /etc/default</userinput></screen> <para>Coreutils has already installed a better <command>groups</command> -program in <filename>/usr/bin</filename>. Remove the one installed by -Shadow:</para> +program in <filename class="directory">/usr/bin</filename>. Remove the one +installed by Shadow:</para> <screen><userinput>rm /bin/groups</userinput></screen> 
@@ -96,31 +95,32 @@ Shadow:</para> <sect2><title>Configuring Shadow</title> -<para>This package contains utilities to modify users' passwords, add -or delete users and groups, and the like. We're not going to explain what -'password shadowing' means. A full explanation can be found in the -<filename>doc/HOWTO</filename> -file within the unpacked Shadow source tree. There's one -thing to keep in mind if you decide to use Shadow support: programs that -need to verify passwords (for example xdm, ftp daemons, pop3 daemons) need -to be 'shadow-compliant', that is they need to be able to work with -shadowed passwords.</para> +<para>This package contains utilities to add, modify and delete users and +groups, set and change their passwords, and other such administrative tasks. +For a full explanation of what <emphasis>password shadowing</emphasis> means, +see the <filename>doc/HOWTO</filename> file within the unpacked source tree. +There's one thing to keep in mind if you decide to use Shadow support: programs +that need to verify passwords (display managers, ftp programs, pop3 daemons, +and the like) need to be <emphasis>shadow-compliant</emphasis>, that is they +need to be able to work with shadowed passwords.</para> <para>To enable shadowed passwords, run the following command:</para> <screen><userinput>/usr/sbin/pwconv</userinput></screen> -<para>And to enable shadowed group passwords, run the following -command:</para> +<para>And to enable shadowed group passwords, run:</para> <screen><userinput>/usr/sbin/grpconv</userinput></screen> <para>Under normal circumstances, you won't have created any passwords yet. 
-However, if returning to this section to enable shadowing, you should reset any -current user passwords with the <command>passwd</command> command or any -group passwords with the <command>gpasswd</command> command.</para> +However, if returning to this section later to enable shadowing, you should +reset any current user passwords with the <command>passwd</command> command or +any group passwords with the <command>gpasswd</command> command.</para> + </sect2> +<sect2><title> </title><para> </para></sect2> + <sect2> <title>Setting the root password</title> |
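Review bot: In the hunk at @@ -49,21 +49,20 @@, the reordered sed command still has no check that its substitutions matched. If etc/login.defs.linux has no line matching `#MD5_CRYPT_ENAB.no`, sed exits successfully and /etc/login.defs is written with the MD5_CRYPT_ENAB line still commented out, so the reader stays on the default crypt method without any error. Now that the separate "Be extra careful" note is removed, consider adding a verification step after the command, for example `grep '^MD5_CRYPT_ENAB yes' /etc/login.defs`. The new paragraph also describes MD5 as a method of "password encryption"; "password hashing" would be the accurate term.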
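Review bot: In the hunk at @@ -96,31 +95,32 @@, the added sect2 element just before "Setting the root password" has a blank title and an empty para, and the commit message does not explain it. If it is a placeholder or a rendering workaround, it deserves an XML comment saying so; otherwise it should be dropped. In the same hunk, "ftp daemons" became "ftp programs", which now reads as including FTP clients; since the sentence is about programs that need to verify passwords, "ftp daemons" or "ftp servers" keeps the original meaning.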