Changing /etc/shadow perms to 444 is a HORRIBLE idea and ruins one of
the main purposes of /etc/shadow which was to prevent hackers from
grabbing the encrypted passwords to run Crack on. If users are allowed
to login to this box then you should strongly reconsider this method.
Regards,
Shannon Kelman
-------------------
> I had made some test about it,and i found that ncsa_auth program can
recognize the /etc/shadow(however,/etc/passwd is not
> encrypted,it is centainly not be read by auth program.) Please notice
that your should change your /etc/shadow's
> mode(chmod 444 /etc/shadow),then it can be read by your users.
/>riser
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:52:02 MST