Changeset c21999c6
- Timestamp:
- 02/07/2004 10:48:44 AM (20 years ago)
- Branches:
- 10.0, 10.0-rc1, 10.1, 10.1-rc1, 11.0, 11.0-rc1, 11.0-rc2, 11.0-rc3, 11.1, 11.1-rc1, 11.2, 11.2-rc1, 11.3, 11.3-rc1, 12.0, 12.0-rc1, 12.1, 12.1-rc1, 6.0, 6.1, 6.1.1, 6.3, 6.4, 6.5, 6.6, 6.7, 6.8, 7.0, 7.1, 7.2, 7.3, 7.4, 7.5, 7.5-systemd, 7.6, 7.6-systemd, 7.7, 7.7-systemd, 7.8, 7.8-systemd, 7.9, 7.9-systemd, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, arm, bdubbs/gcc13, ml-11.0, multilib, renodr/libudev-from-systemd, s6-init, trunk, v5_1, v5_1_1, xry111/arm64, xry111/arm64-12.0, xry111/clfs-ng, xry111/lfs-next, xry111/loongarch, xry111/loongarch-12.0, xry111/loongarch-12.1, xry111/mips64el, xry111/pip3, xry111/rust-wip-20221008, xry111/update-glibc
- Children:
- 8a5f906
- Parents:
- 5b0dd3a
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
chapter06/shadow.xml
r5b0dd3a rc21999c6 17 17 <title>Installation of Shadow</title> 18 18 19 <para>Shadow hard-wires the path to the <command>passwd</command> binary 20 within the binary itself, but does this the wrong way. If a 21 <command>passwd</command> binary is not present before installing Shadow, 22 the package incorrectly assumes it is going to be located at 23 <filename>/bin/passwd</filename>, but then installs it in 24 <filename>/usr/bin/passwd</filename>. This will lead to errors about not finding 25 <filename>/bin/passwd</filename>. To work around this bug, create a dummy 26 <filename>passwd</filename> file, so that it gets hard-wiredproperly:</para>19 <para>Shadow hard-wires the path to the <command>passwd</command> binary within 20 the binary itself, but does this the wrong way. If a <command>passwd</command> 21 binary is not present before installing Shadow, the package incorrectly assumes 22 it is going to be located at <filename>/bin/passwd</filename>, but then 23 installs it as <filename>/usr/bin/passwd</filename>. This will lead to errors 24 about not finding <filename>/bin/passwd</filename>. To work around this bug, 25 create a dummy <filename>passwd</filename> file, so that it gets hard-wired 26 properly:</para> 27 27 28 28 <screen><userinput>touch /usr/bin/passwd</userinput></screen> … … 50 50 <screen><userinput>cp etc/{limits,login.access} /etc</userinput></screen> 51 51 52 <para>We want to change the password method to enable MD5 passwords which are 53 theoretically more secure than the default crypt method and also allow 54 password lengths greater than 8 characters. We also need to change the old 55 <filename class="directory">/var/spool/mail</filename> location for user 56 mailboxes to the current location at 57 <filename class="directory">/var/mail</filename>. We do this by changing the 58 relevant configuration file while copying it to its destination:</para> 52 <para>Instead of using the default <emphasis>crypt</emphasis> method, we want 53 to use the more secure <emphasis>MD5</emphasis> method of password encryption, 54 which in addition allows passwords longer than 8 characters. We also need to 55 change the obsolete <filename class="directory">/var/spool/mail</filename> 56 location for user mailboxes that Shadow uses by default to the <filename 57 class="directory">/var/mail</filename> location used nowadays. We accomplish 58 both these things by changing the relevant configuration file while copying it 59 to its destination (it's probably better to cut-and-paste this rather than try 60 and type it all in):</para> 59 61 60 <screen><userinput>sed -e 's% /var/spool/mail%/var/mail%' \61 -e 's% #MD5_CRYPT_ENAB.no%MD5_CRYPT_ENAB yes%' \62 <screen><userinput>sed -e 's%#MD5_CRYPT_ENAB.no%MD5_CRYPT_ENAB yes%' \ 63 -e 's%/var/spool/mail%/var/mail%' \ 62 64 etc/login.defs.linux > /etc/login.defs</userinput></screen> 63 64 <note><para>Be extra careful when typing all of the above. It is probably safer65 to cut-and-paste it rather than try and type it all in.</para></note>66 65 67 66 <para>Move some misplaced symlinks to their proper locations:</para> … … 86 85 87 86 <para>Coreutils has already installed a better <command>groups</command> 88 program in <filename >/usr/bin</filename>. Remove the one installed by89 Shadow:</para>87 program in <filename class="directory">/usr/bin</filename>. Remove the one 88 installed by Shadow:</para> 90 89 91 90 <screen><userinput>rm /bin/groups</userinput></screen> … … 97 96 <sect2><title>Configuring Shadow</title> 98 97 99 <para>This package contains utilities to modify users' passwords, add 100 or delete users and groups, and the like. We're not going to explain what 101 'password shadowing' means. A full explanation can be found in the 102 <filename>doc/HOWTO</filename> 103 file within the unpacked Shadow source tree. There's one 104 thing to keep in mind if you decide to use Shadow support: programs that 105 need to verify passwords (for example xdm, ftp daemons, pop3 daemons) need 106 to be 'shadow-compliant', that is they need to be able to work with 107 shadowed passwords.</para> 98 <para>This package contains utilities to add, modify and delete users and 99 groups, set and change their passwords, and other such administrative tasks. 100 For a full explanation of what <emphasis>password shadowing</emphasis> means, 101 see the <filename>doc/HOWTO</filename> file within the unpacked source tree. 102 There's one thing to keep in mind if you decide to use Shadow support: programs 103 that need to verify passwords (display managers, ftp programs, pop3 daemons, 104 and the like) need to be <emphasis>shadow-compliant</emphasis>, that is they 105 need to be able to work with shadowed passwords.</para> 108 106 109 107 <para>To enable shadowed passwords, run the following command:</para> … … 111 109 <screen><userinput>/usr/sbin/pwconv</userinput></screen> 112 110 113 <para>And to enable shadowed group passwords, run the following 114 command:</para> 111 <para>And to enable shadowed group passwords, run:</para> 115 112 116 113 <screen><userinput>/usr/sbin/grpconv</userinput></screen> 117 114 118 115 <para>Under normal circumstances, you won't have created any passwords yet. 119 However, if returning to this section to enable shadowing, you should reset any 120 current user passwords with the <command>passwd</command> command or any 121 group passwords with the <command>gpasswd</command> command.</para> 116 However, if returning to this section later to enable shadowing, you should 117 reset any current user passwords with the <command>passwd</command> command or 118 any group passwords with the <command>gpasswd</command> command.</para> 119 122 120 </sect2> 121 122 <sect2><title> </title><para> </para></sect2> 123 123 124 124 <sect2>
Note:
See TracChangeset
for help on using the changeset viewer.