Shadow passwords: Difference between revisions
Initial version |
(No difference)
|
Latest revision as of 12:31, 14 May 2007
Shadow passwords are an extension to storing all account information in the /etc/passwd
file. Originally, the encrypted passwords for all accounts were kept in the 2nd field of /etc/passwd
. Since this file needs to be world-readable in order to obtain information about accounts (including the username, UID, primary GID, GECOS information, home directory, and user shell), it meant that the encrypted passwords were also viewable. This provided a very nice known-ciphertext attack vector.
An extenstion was developed that addressed this insecurity, and added password and account aging abilities as well. All modern *nix distributions support shadow passwords, in addition to original method.
Aside from re-writing the PAM code, the main userspace change is the addition of /etc/shadow
, and several tools for manipulating this file. Unlike /etc/passwd
, the /etc/shadow
file must not be world-readable (suggested mode is 600). Of course, this means that all programs that read and write this file must be either setuid, or run by the root user; this includes common "user" programs such as "passwd".
This file stores the data for the following struct:
struct spwd { char *sp_namp; /* user login name */ char *sp_pwdp; /* encrypted password */ long sp_lstchg; /* last password change */ int sp_min; /* days until change allowed. */ int sp_max; /* days before change required */ int sp_warn; /* days warning for expiration */ int sp_inact; /* days before account inactive */ int sp_expire; /* date when account expires */ int sp_flag; /* reserved for future use */ }
The timing of the dates and times stored here can cause some confusion. The following timeline should help show when things occur:
N.B.: The "account expire" date can occur anywhere, including before the password expiration, password last-change, and account inactive dates.