The Shadow package contains programs for handling passwords in a secure way. Estimated build time: &shadow-time; Estimated required disk space: &shadow-compsize; &aa-shadowpwd-down; &aa-shadowpwd-dep;   Shadow hard-wires the path to the passwd binary within the binary itself, but does this the wrong way. If a passwd binary is not present before installing Shadow, the package incorrectly assumes it is going to be located at /bin/passwd, but then installs it in /usr/bin/passwd. This will lead to errors about not finding /bin/passwd. To work around this bug, create a dummy passwd file, so that it gets hard-wired properly: touch /usr/bin/passwd The current Shadow suite has a problem that causes the newgrp command to fail. The following patch (also appearing in Shadow's CVS code) fixes this problem: patch -Np1 -i ../&shadow-patch; Now prepare Shadow for compilation: ./configure --prefix=/usr --libdir=/usr/lib --enable-shared Compile the package: make And install it: make install Shadow uses two files to configure authentication settings for the system. Install these two config files: cp etc/{limits,login.access} /etc We want to change the password method to enable MD5 passwords which are theoretically more secure than the default "crypt" method and also allow password lengths greater than 8 characters. We also need to change the old /var/spool/mail location for user mailboxes to the current location at /var/mail. We do this by changing the relevant configuration file while copying it to its destination: sed -e 's%/var/spool/mail%/var/mail%' \     -e 's%#MD5_CRYPT_ENAB.no%MD5_CRYPT_ENAB yes%' \     etc/login.defs.linux > /etc/login.defs Be extra careful when typing all of the above. It is probably safer to cut-and-paste it rather than try and type it all in. According to the man page of vipw, a vigr program should exist too. Since the installation procedure doesn't create this program, create a symlink manually: ln -s vipw /usr/sbin/vigr As the /bin/vipw symlink is redundant (and even pointing to a non-existent file), remove it: rm /bin/vipw Now move the sg program to its proper place: mv /bin/sg /usr/bin And move Shadow's dynamic libraries to a more appropriate location: mv /usr/lib/lib{shadow,misc}.so.0* /lib As some packages expect to find the just-moved libraries in /usr/lib, create the following symlinks: ln -sf ../../lib/libshadow.so.0 /usr/lib/libshadow.so ln -sf ../../lib/libmisc.so.0 /usr/lib/libmisc.so The -D option of the useradd program requires this directory for it to work properly: mkdir /etc/default Coreutils has already installed a groups program in /usr/bin. If you wish, you can remove the one installed by Shadow: rm /bin/groups &c6-cf-shadowpwd; &c6-cf-password; &aa-shadowpwd-shortdesc; &aa-shadowpwd-desc;