gronod/lfs
1
0
Fork 0
mirror of https://git.linuxfromscratch.org/lfs.git synced 2025-03-05 22:04:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Chapter 6 - Shadow: Enable MD5 passwords. Closes Bug 600.

Browse Source 
git-svn-id: http://svn.linuxfromscratch.org/LFS/trunk/BOOK@2913 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689
This commit is contained in:
Greg Schafer 2003-10-01 23:57:04 +00:00
parent bd10d48248
commit d5d57b1660
4 changed files with 29 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
chapter01/changelog.xml
View File

@ -95,6 +95,9 @@
</itemizedlist>
</para></listitem>
<listitem><para>October 2nd, 2003 [greg]: Chapter 6 - Shadow: Enable
MD5 passwords. Closes Bug 600.</para></listitem>
<listitem><para>September 27th, 2003 [greg]: Chapter 5 - Expect: Tweak install
so that redundant scripts are not installed. Chapter 6 - Creating essential
symlinks: Remove redundant links. Chapter 6 - man: Remove PATH, closes

4
chapter06/config-shadowpwd.xml
View File

@ -20,5 +20,9 @@ command:</para>
<para><screen><userinput>/usr/sbin/grpconv</userinput></screen></para>
<para>Under normal circumstances, you won't have created any passwords yet.
However, if returning to this section to enable shadowing, you should reset any
current user passwords with the <userinput>passwd</userinput> command or any
group passwords with the <userinput>gpasswd</userinput> command.</para>
</sect2>

39
chapter06/shadowpwd-inst.xml
View File

@ -3,12 +3,6 @@
<sect2>
<title>Installation of Shadow Password Suite</title>
<para>Before you install this package, you may want to have a look at
the Shadow hint. It discusses how you can make your system more secure
regarding passwords, such as how to enable the more secure MD5 passwords
and how to get the most out of this Shadow package. The Shadow hint can
be found at <ulink url="&hints-root;shadowpasswd_plus.txt"/>.</para>
<para>The <userinput>login</userinput>, <userinput>getty</userinput> and
<userinput>init</userinput> programs (and some others) maintain a number
of logfiles to record who are and who were logged in to the system. These
@ -31,13 +25,14 @@ or she last logged in, and the <filename>/var/log/btmp</filename> lists the
bad login attempts.</para>
<para>Shadow hard-wires the path to the <userinput>passwd</userinput> binary
within the binary itself, but does this the wrong way. If before installing
Shadow no <userinput>passwd</userinput> binary is present , the package wrongly
assumes it is going to be located at <filename>/bin/passwd</filename>,
but then installs it in <filename>/usr/bin/passwd</filename>. This will lead
to weird errors about not finding <filename>/bin/passwd</filename>. To work
around this bug, create a dummy <filename>passwd</filename> file,
so that it gets hard-wired properly:</para>
within the binary itself, but does this the wrong way. If a
<userinput>passwd</userinput> binary is not present before installing Shadow,
the package wrongly assumes it is going to be located at
<filename>/bin/passwd</filename>, but then installs it in
<filename>/usr/bin/passwd</filename>. This will lead to weird errors about not
finding <filename>/bin/passwd</filename>. To work around this bug, create a
dummy <filename>passwd</filename> file, so that it gets hard-wired
properly:</para>
<para><screen><userinput>touch /usr/bin/passwd</userinput></screen></para>
@ -65,15 +60,21 @@ system. Install these two config files:</para>
<para><screen><userinput>cp etc/{limits,login.access} /etc</userinput></screen></para>
<para>In the old days <filename class="directory">/var/spool/mail</filename>
was the location for the user mailboxes, but nowadays <filename
class="directory">/var/mail</filename> is used. Change the default mailbox
location in the relevant configuration file while copying it to its
destination:</para>
<para>We want to change the password method to enable MD5 passwords which are
theoretically more secure than the default "crypt" method and also allow
password lengths greater than 8 characters. We also need to change the old
<filename class="directory">/var/spool/mail</filename> location for user
mailboxes to the current location at
<filename class="directory">/var/mail</filename>. We do this by changing the
relevant configuration file while copying it to its destination:</para>
<para><screen><userinput>sed 's%/var/spool/mail%/var/mail%' \
<para><screen><userinput>sed -e 's%/var/spool/mail%/var/mail%' \
&nbsp;&nbsp;&nbsp;&nbsp;-e 's%#MD5_CRYPT_ENAB.no%MD5_CRYPT_ENAB yes%' \
&nbsp;&nbsp;&nbsp;&nbsp;etc/login.defs.linux &gt; /etc/login.defs</userinput></screen></para>
<note><para>Be extra careful when typing all of the above. It is probably safer
to cut-and-paste it rather than try and type it all in.</para></note>
<para>According to the man page of <userinput>vipw</userinput>, a
<userinput>vigr</userinput> program should exist too. Since the installation
procedure doesn't create this program, create a symlink manually:</para>

4
index.xml
View File

@ -3,8 +3,8 @@
"/usr/share/docbook/docbookx.dtd" [
<!ENTITY version "20031001">
<!ENTITY releasedate "October 1st, 2003">
<!ENTITY version "20031002">
<!ENTITY releasedate "October 2nd, 2003">
<!ENTITY nbsp " ">
<!ENTITY ftp-root "ftp://ftp.linuxfromscratch.org">