Installing Shadow-&shadow-version; The Shadow package contains programs for handling passwords in a secure way. &buildtime; &shadow-time; &diskspace; &shadow-compsize; &aa-shadow-down; &aa-shadow-dep;    Installation of Shadow Shadow hard-wires the path to the passwd binary within the binary itself, but does this the wrong way. If a passwd binary is not present before installing Shadow, the package incorrectly assumes it is going to be located at /bin/passwd, but then installs it as /usr/bin/passwd. This will lead to errors about not finding /bin/passwd. To work around this bug, create a dummy passwd file, so that it gets hard-wired properly: touch /usr/bin/passwd Now prepare Shadow for compilation: ./configure --libdir=/usr/lib --enable-shared Work around a problem that prevents Shadow's internationalization from working: echo '#define HAVE_SETLOCALE 1' >> config.h Compile the package: make And install it: make install Shadow uses two files to configure authentication settings for the system. Install these two config files: cp etc/{limits,login.access} /etc Instead of using the default crypt method, we want to use the more secure MD5 method of password encryption, which in addition allows passwords longer than 8 characters. We also need to change the obsolete /var/spool/mail location for user mailboxes that Shadow uses by default to the /var/mail location used nowadays. We accomplish both these things by changing the relevant configuration file while copying it to its destination (it's probably better to cut-and-paste this rather than try and type it all in): sed -e 's%#MD5_CRYPT_ENAB.no%MD5_CRYPT_ENAB yes%' \     -e 's%/var/spool/mail%/var/mail%' \     etc/login.defs.linux > /etc/login.defs Move some misplaced symlinks to their proper locations: mv /bin/sg /usr/bin mv /bin/vigr /usr/sbin And move Shadow's dynamic libraries to a more appropriate location: mv /usr/lib/lib{shadow,misc}.so.0* /lib As some packages expect to find the just-moved libraries in /usr/lib, create the following symlinks: ln -sf ../../lib/libshadow.so.0 /usr/lib/libshadow.so ln -sf ../../lib/libmisc.so.0 /usr/lib/libmisc.so The -D option of the useradd program requires this directory for it to work properly: mkdir /etc/default Coreutils has already installed a better groups program in /usr/bin. Remove the one installed by Shadow: rm /bin/groups    Configuring Shadow This package contains utilities to add, modify and delete users and groups, set and change their passwords, and other such administrative tasks. For a full explanation of what password shadowing means, see the doc/HOWTO file within the unpacked source tree. There's one thing to keep in mind if you decide to use Shadow support: programs that need to verify passwords (display managers, ftp programs, pop3 daemons, and the like) need to be shadow-compliant, that is they need to be able to work with shadowed passwords. To enable shadowed passwords, run the following command: pwconv And to enable shadowed group passwords, run: grpconv Under normal circumstances, you won't have created any passwords yet. However, if returning to this section later to enable shadowing, you should reset any current user passwords with the passwd command or any group passwords with the gpasswd command.    Setting the root password Choose a password for user root and set it via: passwd root &aa-shadow-shortdesc; &aa-shadow-desc;