Context Navigation

-              r5b0dd3a
+              rc21999c6
 <title>Installation of Shadow</title>
 <para>Shadow hard-wires the path to the <command>passwd</command> binary
+within the binary itself, but does this the wrong way. If a
+<command>passwd</command> binary is not present before installing Shadow,
+the package incorrectly assumes it is going to be located at
+<filename>/bin/passwd</filename>, but then installs it in
+<filename>/usr/bin/passwd</filename>. This will lead to errors about not finding
+<filename>/bin/passwd</filename>. To work around this bug, create a dummy
 <filename>passwd</filename> file, so that it gets hard-wired properly:</para>
+<para>Shadow hard-wires the path to the <command>passwd</command> binary within
+the binary itself, but does this the wrong way. If a <command>passwd</command>
+binary is not present before installing Shadow, the package incorrectly assumes
+it is going to be located at <filename>/bin/passwd</filename>, but then
+installs it as <filename>/usr/bin/passwd</filename>. This will lead to errors
+about not finding <filename>/bin/passwd</filename>. To work around this bug,
+create a dummy <filename>passwd</filename> file, so that it gets hard-wired
+properly:</para>
 <screen><userinput>touch /usr/bin/passwd</userinput></screen>
 …
 <screen><userinput>cp etc/{limits,login.access} /etc</userinput></screen>
+<para>We want to change the password method to enable MD5 passwords which are
+theoretically more secure than the default crypt method and also allow
+password lengths greater than 8 characters. We also need to change the old
+<filename class="directory">/var/spool/mail</filename> location for user
+mailboxes to the current location at
+<filename class="directory">/var/mail</filename>. We do this by changing the
+relevant configuration file while copying it to its destination:</para>
+<para>Instead of using the default <emphasis>crypt</emphasis> method, we want
+to use the more secure <emphasis>MD5</emphasis> method of password encryption,
+which in addition allows passwords longer than 8 characters. We also need to
+change the obsolete <filename class="directory">/var/spool/mail</filename>
+location for user mailboxes that Shadow uses by default to the <filename
+class="directory">/var/mail</filename> location used nowadays. We accomplish
+both these things by changing the relevant configuration file while copying it
+to its destination (it's probably better to cut-and-paste this rather than try
+and type it all in):</para>
 <screen><userinput>sed -e 's%/var/spool/mail%/var/mail%' \
 &nbsp;&nbsp;&nbsp;&nbsp;-e 's%#MD5_CRYPT_ENAB.no%MD5_CRYPT_ENAB yes%' \
+<screen><userinput>sed -e 's%#MD5_CRYPT_ENAB.no%MD5_CRYPT_ENAB yes%' \
+&nbsp;&nbsp;&nbsp;&nbsp;-e 's%/var/spool/mail%/var/mail%' \
 &nbsp;&nbsp;&nbsp;&nbsp;etc/login.defs.linux &gt; /etc/login.defs</userinput></screen>
-<note><para>Be extra careful when typing all of the above. It is probably safer
-to cut-and-paste it rather than try and type it all in.</para></note>
 <para>Move some misplaced symlinks to their proper locations:</para>
 …
 <para>Coreutils has already installed a better <command>groups</command>
 program in <filename>/usr/bin</filename>. Remove the one installed by
 Shadow:</para>
+program in <filename class="directory">/usr/bin</filename>. Remove the one
+installed by Shadow:</para>
 <screen><userinput>rm /bin/groups</userinput></screen>
 …
 <sect2><title>Configuring Shadow</title>
+<para>This package contains utilities to modify users' passwords, add
+or delete users and groups, and the like. We're not going to explain what
+'password shadowing' means. A full explanation can be found in the
+<filename>doc/HOWTO</filename>
+file within the unpacked Shadow source tree. There's one
+thing to keep in mind if you decide to use Shadow support: programs that
+need to verify passwords (for example xdm, ftp daemons, pop3 daemons) need
+to be 'shadow-compliant', that is they need to be able to work with
+shadowed passwords.</para>
+<para>This package contains utilities to add, modify and delete users and
+groups, set and change their passwords, and other such administrative tasks.
+For a full explanation of what <emphasis>password shadowing</emphasis> means,
+see the <filename>doc/HOWTO</filename> file within the unpacked source tree.
+There's one thing to keep in mind if you decide to use Shadow support: programs
+that need to verify passwords (display managers, ftp programs, pop3 daemons,
+and the like) need to be <emphasis>shadow-compliant</emphasis>, that is they
+need to be able to work with shadowed passwords.</para>
 <para>To enable shadowed passwords, run the following command:</para>
 …
 <screen><userinput>/usr/sbin/pwconv</userinput></screen>
+<para>And to enable shadowed group passwords, run the following
+command:</para>
+<para>And to enable shadowed group passwords, run:</para>
 <screen><userinput>/usr/sbin/grpconv</userinput></screen>
 <para>Under normal circumstances, you won't have created any passwords yet.
+However, if returning to this section to enable shadowing, you should reset any
+current user passwords with the <command>passwd</command> command or any
+group passwords with the <command>gpasswd</command> command.</para>
+However, if returning to this section later to enable shadowing, you should
+reset any current user passwords with the <command>passwd</command> command or
+any group passwords with the <command>gpasswd</command> command.</para>
 </sect2>
+<sect2><title>&nbsp;</title><para>&nbsp;</para></sect2>
 <sect2>

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset c21999c6

Legend:

chapter06/shadow.xml

Download in other formats: