Brushing up the Shadow page.

git-svn-id: http://svn.linuxfromscratch.org/LFS/trunk/BOOK@3233 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689

chapter06/shadow.xml

@@ -16,14 +16,14 @@ way.</para>
 <sect2>
 <title>Installation of Shadow</title>
 
-<para>Shadow hard-wires the path to the <command>passwd</command> binary
-within the binary itself, but does this the wrong way. If a
-<command>passwd</command> binary is not present before installing Shadow,
-the package incorrectly assumes it is going to be located at
-<filename>/bin/passwd</filename>, but then installs it in
-<filename>/usr/bin/passwd</filename>. This will lead to errors about not finding
-<filename>/bin/passwd</filename>. To work around this bug, create a dummy
-<filename>passwd</filename> file, so that it gets hard-wired properly:</para>
+<para>Shadow hard-wires the path to the <command>passwd</command> binary within
+the binary itself, but does this the wrong way. If a <command>passwd</command>
+binary is not present before installing Shadow, the package incorrectly assumes
+it is going to be located at <filename>/bin/passwd</filename>, but then
+installs it as <filename>/usr/bin/passwd</filename>. This will lead to errors
+about not finding <filename>/bin/passwd</filename>. To work around this bug,
+create a dummy <filename>passwd</filename> file, so that it gets hard-wired
+properly:</para>
 
 <screen><userinput>touch /usr/bin/passwd</userinput></screen>
 
@@ -49,21 +49,20 @@ system. Install these two config files:</para>
 
 <screen><userinput>cp etc/{limits,login.access} /etc</userinput></screen>
 
-<para>We want to change the password method to enable MD5 passwords which are
-theoretically more secure than the default crypt method and also allow
-password lengths greater than 8 characters. We also need to change the old
-<filename class="directory">/var/spool/mail</filename> location for user
-mailboxes to the current location at
-<filename class="directory">/var/mail</filename>. We do this by changing the
-relevant configuration file while copying it to its destination:</para>
+<para>Instead of using the default <emphasis>crypt</emphasis> method, we want
+to use the more secure <emphasis>MD5</emphasis> method of password encryption,
+which in addition allows passwords longer than 8 characters. We also need to
+change the obsolete <filename class="directory">/var/spool/mail</filename>
+location for user mailboxes that Shadow uses by default to the <filename
+class="directory">/var/mail</filename> location used nowadays. We accomplish
+both these things by changing the relevant configuration file while copying it
+to its destination (it's probably better to cut-and-paste this rather than try
+and type it all in):</para>
 
-<screen><userinput>sed -e 's%/var/spool/mail%/var/mail%' \
-&nbsp;&nbsp;&nbsp;&nbsp;-e 's%#MD5_CRYPT_ENAB.no%MD5_CRYPT_ENAB yes%' \
+<screen><userinput>sed -e 's%#MD5_CRYPT_ENAB.no%MD5_CRYPT_ENAB yes%' \
+&nbsp;&nbsp;&nbsp;&nbsp;-e 's%/var/spool/mail%/var/mail%' \
 &nbsp;&nbsp;&nbsp;&nbsp;etc/login.defs.linux &gt; /etc/login.defs</userinput></screen>
 
-<note><para>Be extra careful when typing all of the above. It is probably safer
-to cut-and-paste it rather than try and type it all in.</para></note>
-
 <para>Move some misplaced symlinks to their proper locations:</para>
 
 <screen><userinput>mv /bin/sg /usr/bin
@@ -85,8 +84,8 @@ directory for it to work properly:</para>
 <screen><userinput>mkdir /etc/default</userinput></screen>
 
 <para>Coreutils has already installed a better <command>groups</command>
-program in <filename>/usr/bin</filename>. Remove the one installed by
-Shadow:</para>
+program in <filename class="directory">/usr/bin</filename>. Remove the one
+installed by Shadow:</para>
 
 <screen><userinput>rm /bin/groups</userinput></screen>
 
@@ -96,31 +95,32 @@ Shadow:</para>
 
 <sect2><title>Configuring Shadow</title>
 
-<para>This package contains utilities to modify users' passwords, add
-or delete users and groups, and the like. We're not going to explain what
-'password shadowing' means. A full explanation can be found in the
-<filename>doc/HOWTO</filename>
-file within the unpacked Shadow source tree. There's one 
-thing to keep in mind if you decide to use Shadow support: programs that
-need to verify passwords (for example xdm, ftp daemons, pop3 daemons) need
-to be 'shadow-compliant', that is they need to be able to work with 
-shadowed passwords.</para>
+<para>This package contains utilities to add, modify and delete users and
+groups, set and change their passwords, and other such administrative tasks.
+For a full explanation of what <emphasis>password shadowing</emphasis> means,
+see the <filename>doc/HOWTO</filename> file within the unpacked source tree.
+There's one thing to keep in mind if you decide to use Shadow support: programs
+that need to verify passwords (display managers, ftp programs, pop3 daemons,
+and the like) need to be <emphasis>shadow-compliant</emphasis>, that is they
+need to be able to work with shadowed passwords.</para>
 
 <para>To enable shadowed passwords, run the following command:</para>
 
 <screen><userinput>/usr/sbin/pwconv</userinput></screen>
 
-<para>And to enable shadowed group passwords, run the following
-command:</para>
+<para>And to enable shadowed group passwords, run:</para>
 
 <screen><userinput>/usr/sbin/grpconv</userinput></screen>
 
 <para>Under normal circumstances, you won't have created any passwords yet.
-However, if returning to this section to enable shadowing, you should reset any
-current user passwords with the <command>passwd</command> command or any
-group passwords with the <command>gpasswd</command> command.</para>
+However, if returning to this section later to enable shadowing, you should
+reset any current user passwords with the <command>passwd</command> command or
+any group passwords with the <command>gpasswd</command> command.</para>
+
 </sect2>
 
+<sect2><title>&nbsp;</title><para>&nbsp;</para></sect2>
+
 <sect2>
 <title>Setting the root password</title>