Context Navigation

← Previous Changeset
Next Changeset →

Changeset d5d57b1

Timestamp:

10/01/2003 11:57:04 PM (21 years ago)

Author:

Greg Schafer <greg@…>

Branches:

10.0, 10.0-rc1, 10.1, 10.1-rc1, 11.0, 11.0-rc1, 11.0-rc2, 11.0-rc3, 11.1, 11.1-rc1, 11.2, 11.2-rc1, 11.3, 11.3-rc1, 12.0, 12.0-rc1, 12.1, 12.1-rc1, 6.0, 6.1, 6.1.1, 6.3, 6.4, 6.5, 6.6, 6.7, 6.8, 7.0, 7.1, 7.2, 7.3, 7.4, 7.5, 7.5-systemd, 7.6, 7.6-systemd, 7.7, 7.7-systemd, 7.8, 7.8-systemd, 7.9, 7.9-systemd, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, arm, bdubbs/gcc13, ml-11.0, multilib, renodr/libudev-from-systemd, s6-init, trunk, v5_0, v5_1, v5_1_1, xry111/arm64, xry111/arm64-12.0, xry111/clfs-ng, xry111/lfs-next, xry111/loongarch, xry111/loongarch-12.0, xry111/loongarch-12.1, xry111/mips64el, xry111/pip3, xry111/rust-wip-20221008, xry111/update-glibc

Children:

Parents:

Message:

Chapter 6 - Shadow: Enable MD5 passwords. Closes Bug 600.

git-svn-id: http://svn.linuxfromscratch.org/LFS/trunk/BOOK@2913 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689

Files:

: 4 edited

chapter01/changelog.xml (modified) (1 diff)
chapter06/config-shadowpwd.xml (modified) (1 diff)
chapter06/shadowpwd-inst.xml (modified) (3 diffs)
index.xml (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

chapter01/changelog.xml

-              rbd10d48
+              rd5d57b1
 </para></listitem>
+<listitem><para>October 2nd, 2003 [greg]: Chapter 6 - Shadow: Enable
+MD5 passwords. Closes Bug 600.</para></listitem>
 <listitem><para>September 27th, 2003 [greg]: Chapter 5 - Expect: Tweak install
 so that redundant scripts are not installed. Chapter 6 - Creating essential

chapter06/config-shadowpwd.xml

-              rbd10d48
+              rd5d57b1
 <para><screen><userinput>/usr/sbin/grpconv</userinput></screen></para>
+<para>Under normal circumstances, you won't have created any passwords yet.
+However, if returning to this section to enable shadowing, you should reset any
+current user passwords with the <userinput>passwd</userinput> command or any
+group passwords with the <userinput>gpasswd</userinput> command.</para>
 </sect2>

chapter06/shadowpwd-inst.xml

-              rbd10d48
+              rd5d57b1
 <sect2>
 <title>Installation of Shadow Password Suite</title>
-<para>Before you install this package, you may want to have a look at
-the Shadow hint. It discusses how you can make your system more secure
-regarding passwords, such as how to enable the more secure MD5 passwords
-and how to get the most out of this Shadow package. The Shadow hint can
-be found at <ulink url="&hints-root;shadowpasswd_plus.txt"/>.</para>
 <para>The <userinput>login</userinput>, <userinput>getty</userinput> and
 …
 <para>Shadow hard-wires the path to the <userinput>passwd</userinput> binary
+within the binary itself, but does this the wrong way. If before installing
+Shadow no <userinput>passwd</userinput> binary is present , the package wrongly
+assumes it is going to be located at <filename>/bin/passwd</filename>,
+but then installs it in <filename>/usr/bin/passwd</filename>. This will lead
+to weird errors about not finding <filename>/bin/passwd</filename>. To work
+around this bug, create a dummy <filename>passwd</filename> file,
+so that it gets hard-wired properly:</para>
+within the binary itself, but does this the wrong way. If a
+<userinput>passwd</userinput> binary is not present before installing Shadow,
+the package wrongly assumes it is going to be located at
+<filename>/bin/passwd</filename>, but then installs it in
+<filename>/usr/bin/passwd</filename>. This will lead to weird errors about not
+finding <filename>/bin/passwd</filename>. To work around this bug, create a
+dummy <filename>passwd</filename> file, so that it gets hard-wired
+properly:</para>
 <para><screen><userinput>touch /usr/bin/passwd</userinput></screen></para>
 …
 <para><screen><userinput>cp etc/{limits,login.access} /etc</userinput></screen></para>
+<para>In the old days <filename class="directory">/var/spool/mail</filename>
+was the location for the user mailboxes, but nowadays <filename
+class="directory">/var/mail</filename> is used. Change the default mailbox
+location in the relevant configuration file while copying it to its
+destination:</para>
+<para>We want to change the password method to enable MD5 passwords which are
+theoretically more secure than the default "crypt" method and also allow
+password lengths greater than 8 characters. We also need to change the old
+<filename class="directory">/var/spool/mail</filename> location for user
+mailboxes to the current location at
+<filename class="directory">/var/mail</filename>. We do this by changing the
+relevant configuration file while copying it to its destination:</para>
+<para><screen><userinput>sed 's%/var/spool/mail%/var/mail%' \
+<para><screen><userinput>sed -e 's%/var/spool/mail%/var/mail%' \
+&nbsp;&nbsp;&nbsp;&nbsp;-e 's%#MD5_CRYPT_ENAB.no%MD5_CRYPT_ENAB yes%' \
 &nbsp;&nbsp;&nbsp;&nbsp;etc/login.defs.linux &gt; /etc/login.defs</userinput></screen></para>
+<note><para>Be extra careful when typing all of the above. It is probably safer
+to cut-and-paste it rather than try and type it all in.</para></note>
 <para>According to the man page of <userinput>vipw</userinput>, a

index.xml

-              rbd10d48
+              rd5d57b1
 <!ENTITY version "20031001">
 <!ENTITY releasedate "October 1st, 2003">
+<!ENTITY version "20031002">
+<!ENTITY releasedate "October 2nd, 2003">
 <!ENTITY nbsp " ">

Note: See TracChangeset for help on using the changeset viewer.

Download in other formats: