The Shadow package contains programs for handling passwords in a secure way.
Prepare Shadow for compilation:
./configure --libdir=/lib --enable-shared
Remove the installation of the groups program, and its man page as Coreutils provides a better version:
sed -i 's/groups$(EXEEXT) //' src/Makefile sed -i '/groups/d' man/Makefile
Compile the package:
make
Install the package:
make install
Shadow uses two files to configure authentication settings for the system. Install these two configuration files:
cp etc/{limits,login.access} /etc
Instead of using the default crypt method, use the more secure MD5 method of password encryption, which also allows passwords longer than 8 characters. It is also necessary to change the obsolete /var/spool/mail location for user mailboxes that Shadow uses by default to the /var/mail location used currently. Both of these can be accomplished by changing the relevant configuration file while copying it to its destination:
sed -e's@#MD5_CRYPT_ENAB.no@MD5_CRYPT_ENAB yes@' \ -e 's@/var/spool/mail@/var/mail@' \ etc/login.defs.linux > /etc/login.defs
Move a misplaced program to its proper location:
mv /usr/bin/passwd /bin
Move Shadow's libraries to more appropriate locations:
mv /lib/libshadow.*a /usr/lib rm /lib/libshadow.so ln -sf ../../lib/libshadow.so.0 /usr/lib/libshadow.so
The -D option of the useradd program requires the /etc/default directory for it to work properly:
mkdir /etc/default
This package contains utilities to add, modify, and delete users and groups; set and change their passwords; and perform other administrative tasks. For a full explanation of what password shadowing means, see the doc/HOWTO file within the unpacked source tree. If using Shadow support, keep in mind that programs which need to verify passwords (display managers, FTP programs, pop3 daemons, etc.) must be Shadow-compliant. That is, they need to be able to work with shadowed passwords.
To enable shadowed passwords, run the following command:
pwconv
To enable shadowed group passwords, run:
grpconv
Under normal circumstances, passwords will not have been created yet. However, if returning to this section later to enable shadowing, reset any current user passwords with the passwd command or any group passwords with the gpasswd command.
Choose a password for user root and set it by running:
passwd root