From owner-freebsd-security  Fri Jul 12 00:45:42 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id AAA11113
          for security-outgoing; Fri, 12 Jul 1996 00:45:42 -0700 (PDT)
Received: from relay.philips.nl (ns.philips.nl [130.144.65.1])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id AAA11107
          for <freebsd-security@freefall.freebsd.org>; Fri, 12 Jul 1996 00:45:38 -0700 (PDT)
Received: (from smap@localhost) by relay.philips.nl (8.6.9/8.6.9-950414) id JAA11190; Fri, 12 Jul 1996 09:44:54 +0200
Received: from unknown(192.26.173.32) by ns.philips.nl via smap (V1.3+ESMTP) with ESMTP
	id sma011032; Fri Jul 12 09:44:01 1996
Received: from spooky.lss.cp.philips.com (spooky.lss.cp.philips.com [130.144.199.105]) by smtp.nl.cis.philips.com (8.6.10/8.6.10-0.9z-02May95) with ESMTP id JAA24023; Fri, 12 Jul 1996 09:46:18 +0200
Received: (from guido@localhost) 
	by spooky.lss.cp.philips.com (8.6.10/8.6.10-0.991c-08Nov95) id JAA17299; Fri, 12 Jul 1996 09:43:59 +0200
From: Guido van Rooij <Guido.vanRooij@nl.cis.philips.com>
Message-Id: <199607120743.JAA17299@spooky.lss.cp.philips.com>
Subject: Re: Password mechanisms.
To: sextonr.crestvie@squared.com (Sexton, Robert)
Date: Fri, 12 Jul 1996 09:43:58 +0200 (MET DST)
Cc: freebsd-security@freefall.freebsd.org
Reply-To: Guido.vanRooij@nl.cis.philips.com
In-Reply-To: <2979895B0187397C@mg01a.mhs.squared.com> from "Sexton, Robert" at "Jul 11, 96 02:27:16 pm"
X-Mailer: ELM [version 2.4ME+ PL19 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Sexton, Robert wrote:
> I realize that kerberos has been integrated into BSD4.4.  Where does that 
> leave the old fashioned /etc/passwd file?  I recently locked myself out 
> my FreeBSD system, and I was puzzled as to why I could not de-password 
> root, no matter what I tried  There was something strange about clearing 
> the password out of /etc/shadow, and being ignored.  I know this stuff is 
> there somewhere..  And more importantly, how would I backup account 
> information?

Kerberos has nothing to do with it. In fact BSD uses a transparent shadow
password system. The real stuff is stored in /etc/master.passwd. Note
that you should edit it with vipw.
Further, a running system uses pwd.db and spwd.db, the database equivalents
of passwd and master.passwd.

-Guido