@@ -16,14 +16,14 @@ way.</para>
<sect2>
<title>Installation of Shadow</title>
-<para>Shadow hard-wires the path to the <command>passwd</command> binary
-within the binary itself, but does this the wrong way. If a
-<command>passwd</command> binary is not present before installing Shadow,
-the package incorrectly assumes it is going to be located at
-<filename>/bin/passwd</filename>, but then installs it in
-<filename>/usr/bin/passwd</filename>. This will lead to errors about not finding
-<filename>/bin/passwd</filename>. To work around this bug, create a dummy
-<filename>passwd</filename> file, so that it gets hard-wired properly:</para>
+<para>Shadow hard-wires the path to the <command>passwd</command> binary within
+the binary itself, but does this the wrong way. If a <command>passwd</command>
+binary is not present before installing Shadow, the package incorrectly assumes
+it is going to be located at <filename>/bin/passwd</filename>, but then
+installs it as <filename>/usr/bin/passwd</filename>. This will lead to errors
+about not finding <filename>/bin/passwd</filename>. To work around this bug,
+create a dummy <filename>passwd</filename> file, so that it gets hard-wired
+properly:</para>
<screen><userinput>touch /usr/bin/passwd</userinput></screen>
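Review bot: The rewrap of this <para> buries the only wording change in the hunk, "installs it in" becoming "installs it as" /usr/bin/passwd, so a reviewer has to compare eight removed lines against eight added ones to find it. Please put the reflow and the wording fix in separate commits. Since the paragraph is being touched anyway, it would also help to say what becomes of the empty file created by "touch /usr/bin/passwd" once the package is installed, so readers know to confirm that a zero-length passwd is not what ends up at that path.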
@@ -49,21 +49,20 @@ system. Install these two config files:</para>
<screen><userinput>cp etc/{limits,login.access} /etc</userinput></screen>
-<para>We want to change the password method to enable MD5 passwords which are
-theoretically more secure than the default crypt method and also allow
-password lengths greater than 8 characters. We also need to change the old
-<filename class="directory">/var/spool/mail</filename> location for user
-mailboxes to the current location at
-<filename class="directory">/var/mail</filename>. We do this by changing the
-relevant configuration file while copying it to its destination:</para>
-
-<screen><userinput>sed -e 's%/var/spool/mail%/var/mail%' \
- -e 's%#MD5_CRYPT_ENAB.no%MD5_CRYPT_ENAB yes%' \
+<para>Instead of using the default <emphasis>crypt</emphasis> method, we want
+to use the more secure <emphasis>MD5</emphasis> method of password encryption,
+which in addition allows passwords longer than 8 characters. We also need to
+change the obsolete <filename class="directory">/var/spool/mail</filename>
+location for user mailboxes that Shadow uses by default to the <filename
+class="directory">/var/mail</filename> location used nowadays. We accomplish
+both these things by changing the relevant configuration file while copying it
+to its destination (it's probably better to cut-and-paste this rather than try
+and type it all in):</para>
+
+<screen><userinput>sed -e 's%#MD5_CRYPT_ENAB.no%MD5_CRYPT_ENAB yes%' \
+ -e 's%/var/spool/mail%/var/mail%' \
etc/login.defs.linux > /etc/login.defs</userinput></screen>
-<note><para>Be extra careful when typing all of the above. It is probably safer
-to cut-and-paste it rather than try and type it all in.</para></note>
-
<para>Move some misplaced symlinks to their proper locations:</para>
<screen><userinput>mv /bin/sg /usr/bin
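Review bot: The sed in the new <screen> still fails silently: if "#MD5_CRYPT_ENAB.no" does not match the line in etc/login.defs.linux exactly, /etc/login.defs is written with the default crypt method left in place and nothing reports it. Swapping the order of the two -e expressions does not change that, and this hunk also deletes the <note> that told readers to be extra careful, reducing it to a parenthesis at the end of the paragraph. Suggest following the command with a check such as "grep MD5_CRYPT_ENAB /etc/login.defs" and keeping the caution as a visible note. On wording, "password encryption" would be more accurate as "password hashing", the old "theoretically" qualifier on MD5 being more secure has been dropped without explanation, and the <filename tag split from its class="directory" attribute across two lines is worth rejoining.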
@@ -85,8 +84,8 @@ directory for it to work properly:</para>
<screen><userinput>mkdir /etc/default</userinput></screen>
<para>Coreutils has already installed a better <command>groups</command>
-program in <filename>/usr/bin</filename>. Remove the one installed by
-Shadow:</para>
+program in <filename class="directory">/usr/bin</filename>. Remove the one
+installed by Shadow:</para>
<screen><userinput>rm /bin/groups</userinput></screen>
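Review bot: The reworded <para> names only the directory of the copy being kept (/usr/bin) and never the file being deleted, which the reader has to infer from "rm /bin/groups" in the following <screen>. While adding class="directory" here, consider naming <filename>/bin/groups</filename> in the sentence as well, so it is clear which of the two programs is removed and why.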
@@ -96,31 +95,32 @@ Shadow:</para>
<sect2><title>Configuring Shadow</title>
-<para>This package contains utilities to modify users' passwords, add
-or delete users and groups, and the like. We're not going to explain what
-'password shadowing' means. A full explanation can be found in the
-<filename>doc/HOWTO</filename>
-file within the unpacked Shadow source tree. There's one
-thing to keep in mind if you decide to use Shadow support: programs that
-need to verify passwords (for example xdm, ftp daemons, pop3 daemons) need
-to be 'shadow-compliant', that is they need to be able to work with
-shadowed passwords.</para>
+<para>This package contains utilities to add, modify and delete users and
+groups, set and change their passwords, and other such administrative tasks.
+For a full explanation of what <emphasis>password shadowing</emphasis> means,
+see the <filename>doc/HOWTO</filename> file within the unpacked source tree.
+There's one thing to keep in mind if you decide to use Shadow support: programs
+that need to verify passwords (display managers, ftp programs, pop3 daemons,
+and the like) need to be <emphasis>shadow-compliant</emphasis>, that is they
+need to be able to work with shadowed passwords.</para>
<para>To enable shadowed passwords, run the following command:</para>
<screen><userinput>/usr/sbin/pwconv</userinput></screen>
-<para>And to enable shadowed group passwords, run the following
-command:</para>
+<para>And to enable shadowed group passwords, run:</para>
<screen><userinput>/usr/sbin/grpconv</userinput></screen>
<para>Under normal circumstances, you won't have created any passwords yet.
-However, if returning to this section to enable shadowing, you should reset any
-current user passwords with the <command>passwd</command> command or any
-group passwords with the <command>gpasswd</command> command.</para>
+However, if returning to this section later to enable shadowing, you should
+reset any current user passwords with the <command>passwd</command> command or
+any group passwords with the <command>gpasswd</command> command.</para>
+
</sect2>
+<sect2><title> </title><para> </para></sect2>
+
<sect2>
<title>Setting the root password</title>
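Review bot: The added line "<sect2><title> </title><para> </para></sect2>" inserts a section with a blank title and an empty paragraph between "Configuring Shadow" and "Setting the root password"; it will render as an empty heading and reads like a leftover or a layout workaround. If it is intentional, please explain it in the commit message or an XML comment; otherwise drop it together with the blank "+" lines added on either side of the closing </sect2>. The rewritten first paragraph is otherwise clearer than the one it replaces.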