> Thus, the shadow file locks things up a bit more, brings some more
> complexity, but this doesn't mean /etc/passwd is insecure.
> If you use strong passwords, you don't need the shadow-file. If you
> have a weak password, the shadow-file on the other hand just delays the
> eventual breach.
The problem arises when you have a system with hundred of users. You have
to ensure that all the users have a strong password (some of them without
any basic knowledge about computers or security), so the only way is
modifying passwd program to force secure passwords, so at the end you
add complexity in another part of the system.
--
Roberto E. Vargas Caballero
Received on Wed Jun 04 2014 - 17:14:19 CEST