TODO + Changelog

Avery Fay afay at ultranet.com
Tue Aug 1 12:45:56 PDT 2000


> +-Avery Fay-(afay at ultranet.com)-[28.07.00 04:31]:
> [shadowed-password-system]
> > However, I don't think it is needed.
>
> Hell no. Shadow password should be standard on _all_ unix-systems. If
> you ever were owned by a hacker you will think this over - really...
>
> Shadow-passwords are not _the_ anti-hacker-"tool", but they help make
> the system a little more secure.
>
>      Balu
> PS: s/hacker/cracker

Well, I'm about to get DSL and set up a firewall that only allow incoming
connections through port 443 (ssh). So... I'm really not to worried about
the lack of shadow passwords on my machine. Anyway, I think it's more secure
to not let anyone get onto your machine in the first place rather than
having to hide passwords in a different file. Also, shadow passwords won't
do a thing for programs like most versions of telnet and ftp that send
passwords in the clear.

Avery Fay




--
Mail archive: http://www.pcrdallas.com/mail-archives/lfs-discuss
IRC access: server: irc.linuxfromscratch.org port: 6667 channel: #LFS
Unsubscribe: email lfs-discuss-request at linuxfromscratch.org and put
"unsubscribe" (without the quotation marks) in the body of the message
(no subject is required)



More information about the lfs-dev mailing list