From owner-freebsd-doc Tue Oct 20 14:26:33 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id OAA05315 for freebsd-doc-outgoing; Tue, 20 Oct 1998 14:26:33 -0700 (PDT) (envelope-from owner-freebsd-doc@FreeBSD.ORG) Received: from europe.std.com (europe.std.com [199.172.62.20]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA05180; Tue, 20 Oct 1998 14:25:26 -0700 (PDT) (envelope-from lowell@world.std.com) Received: from world.std.com by europe.std.com (8.7.6/BZS-8-1.0) id RAA12889; Tue, 20 Oct 1998 17:23:15 -0400 (EDT) Received: by world.std.com (TheWorld/Spike-2.0) id AA22163; Tue, 20 Oct 1998 17:23:15 -0400 To: freebsd-questions@FreeBSD.ORG, freebsd-doc@FreeBSD.ORG Cc: vega@d132-h017.rh.rit.edu Subject: Re: shadowing passwords References: From: Lowell Gilbert Date: 20 Oct 1998 17:23:14 -0400 In-Reply-To: vega@d132-h017.rh.rit.edu's message of 14 Oct 1998 05:27:29 +0200 Message-Id: Lines: 59 X-Mailer: Gnus v5.3/Emacs 19.34 Sender: owner-freebsd-doc@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org vega@d132-h017.rh.rit.edu (VEGA) writes, in freebsd-questions: > is there a mechanism for FreeBsd to > shadow passwords? i have never > seen anyhting about it in the FAQ or handbook... The short answer is that, yes, FreeBSD comes with a shadow password system. However, this is a good point: either the handbook or FAQ should probably say something about this. Is the following a good start? ================================================================ Passwords 1. How do passwords work? FreeBSD uses a "shadow password" system. There is an /etc/passwd file, as UNIX systems have always had, but it doesn't contain the actual passwords. Those are kept in /etc/master.passwd (and in a hashed database /etc/spwd.db). 2. So do I need to edit these files to change my password? No. Normally, the easiest way to do that is with the 'passwd' command. 3. Editing password files Password files have more in them than just passwords. As an ordinary user, the 'chpass' command should be all you need as far as changing your entry, but for system administration purposes you need a lot more. Do *not* just edit the password files themselves. The easiest way to make your modifications is to use the 'vipw' command, which will bring up the password file in an editor, and automatically build the databases for you when you're done editing. If you *do* edit the master.passwd file directly, make sure to run the pwd_mkdb program on it afterwards. 4. Other topics [Not covered here, and probably shouldn't be: NIS, Kerberos, login.conf...] 5. More Reading To administrate a system, you really ought to read the following manual pages: passwd(1) : actually, *everyone* ought to read this chpass(1) : lets users change some other information as well as the password vipw(8) : edit the password file passwd(5) : format of the password file. Includes information on how to deal with NIS passwords (if you don't know what those are, you don't need to). login.conf(5) : login class capability database pwd_mkdb(8) : generate the password databases To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message