> > So, systems *without* shadow passwords should be very rare, at least
> > for sarge or above systems installed from scrtach. The only case where
> > shadow passwords may be disabled are:
>
> I recently did a whole slate of Debian installs with the first release
> of Sarge. All of them were done in expert mode and none of them enabled
> shadow passwords. Nor was I ever asked to enable them at any point
> during the setup. I know this because I *always* enable this when the
> choice is presented.
Template: passwd/shadow
Type: boolean
Default: true
_Description: Enable shadow passwords?
Shadow passwords make your system more secure because nobody is able to
view even encrypted passwords. Passwords are stored in a separate file
that can only be read by special programs. The use of shadow passwords
is strongly recommended. However, if you're going to use NIS you could
run into trouble.
In passwd.config, which is necessarily called in 2nd stage (otherwise,
you would end up with an empty root user password..:-))):
Were you prompted about the root user password, normal user name,
login name and password ? If so, then passwd.config was used and in
it, we find:
in the state machine....
0)
# Ask how the password files should be set up.
db_input low passwd/shadow || true
;;
2)
# Enable shadowed passwords...or not
db_get passwd/shadow
if [ "$RET" = true ]; then
shadowconfig on >/dev/null
else
shadowconfig off >/dev/null
fi
;;
So, I really fail to see how you end up with no shadow passwords, but
on any default install, shadow passwords *are* enabled. So are they on
all sarge machines I have ever installed from scratch.
