shadow password

Status
Not open for further replies.

pichi

Programmer
Nov 12, 2000
156
EC
Hi everybody, I installed a Red Hat 8.0 server, and by mistake I didn't choose the shadow passwords in the setup options, but obviously I want to configure it right now on the server. Is there a way I can do this without re-installing the server again?
thanks in advance

pichi
 
Install (as root) the Shadow package (either RPM or the tar.gz). Once the program is installed do this:

NOTE: check if /etc/login.defs currently exists, if it does MAKE A BACKUP OF IT FIRST! Then:

cp login.defs /etc
chmod 700 /etc/login.defs


This file is the configuration file for the login program. You should review and make changes to this file for your particular system. This is where you decide which tty's root can login from, and set other security policy settings (like password expiration defaults).

The next step is to run pwconv. This must also be done as root, and is best done from the /etc subdirectory:

cd /etc
/usr/sbin/pwconv


pwconv takes your /etc/passwd file and strips out the fields to create two files: /etc/npasswd and /etc/nshadow.

A pwunconv program is also provided if you need to make a normal /etc/passwd file out of an /etc/passwd and /etc/shadow combination.

Now that you have run pwconv you have created the files /etc/npasswd and /etc/nshadow. These need to be copied over to /etc/passwd and /etc/shadow. We also want to make a backup copy of the original /etc/passwd file, and make sure only root can read it. We'll put the backup in root's home directory:

cd /etc
cp passwd ~/passwd
chmod 600 ~/passwd
mv npasswd passwd
mv nshadow shadow


You should also ensure that the file ownerships and permissions are correct. If you are going to be using X-Windows, the xlock and xdm programs need to be able to read the shadow file (but not write it).

There are two ways that this can be done. You can set xlock to suid root (xdm is usually run as root anyway). Or you can make the shadow file owned by root with a group of shadow, but before you do this, make sure that you have a shadow group (look in /etc/group). None of the users on the system should actually be in the shadow group.

chown root.root passwd
chown root.shadow shadow
chmod 0644 passwd
chmod 0640 shadow


Your system now has the password file shadowed. You should now pop over to another virtual terminal and verify that you can login.

Really, do this now!

If you can't, then something is wrong! To get back to a non-shadowed state, do the following:

cd /etc
cp ~/passwd passwd
chmod 644 passwd


You would then restore the files that you saved earlier to their proper locations.

An infinite number of monkeys typing at an infinite number of keyboards will eventually populate the internet.
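
A read-only check to run after the conversion described in the answer above, as an added example that is not part of the original thread. The function names, finding labels and sample accounts are made up for illustration, and the hashes in the sample files are constructed placeholders.

```shell
#!/bin/sh
# audit_shadow PASSWD SHADOW: print one finding per line; return 1 if any.
audit_shadow() {
    passwd_file=$1
    shadow_file=$2
    findings=$(
        awk -F: '
            FILENAME == ARGV[1] { in_shadow[$1] = 1; next }   # first file: shadow
            $2 == ""            { print "EMPTY_PASSWORD " $1; next }
            $2 != "x"           { print "HASH_IN_PASSWD " $1; next }
            !($1 in in_shadow)  { print "NO_SHADOW_ENTRY " $1 }
        ' "$shadow_file" "$passwd_file"
        # The hashes are only protected if the other-read bit is clear on shadow.
        if [ -n "$(find "$shadow_file" -prune -perm -004)" ]; then
            echo "SHADOW_WORLD_READABLE"
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# write_sample DIR: constructed, half-converted files (hashes are fake).
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:$1$fakesalt$CONSTRUCTEDnotARealHash:500:500::/home/alice:/bin/bash
bob:x:501:501::/home/bob:/bin/bash
carol::502:502::/home/carol:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$1$fakesalt$CONSTRUCTEDnotARealHash:12000:0:99999:7:::
EOF
    chmod 644 "$1/passwd" "$1/shadow"
}

# Demo on the constructed files; on a live system run as root:
#   audit_shadow /etc/passwd /etc/shadow
demo_dir=$(mktemp -d)
write_sample "$demo_dir"
audit_shadow "$demo_dir/passwd" "$demo_dir/shadow" || true
rm -rf "$demo_dir"
```

The shadow suite's pwck command performs a fuller integrity check of the same two files.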
 