At 05:01 PM 8/14/96 +0200, you wrote: > >...the attribute readable for others in case of the file /etc/passwd? > >Recently my debian system was cracked by several pirates. They have >account name and the password widely broadcasted on an IRC channel. The >only way, as I guess, they grabed root's privilages was free access to >/etc/passwd. >Is there a free and debianized shadow-password package?
Make sure you take good steps to ensure your security - for example, when a user changes passwords on my network it wont let them change it to a dictionary word, must have uppercase letters, and at least 1 numeral in it. (that's the way I installed Debian 1.1 anyway - by default it does this I think as long as you install a dictionary). There certainly is a debian shadow password package... Check the project/experimental directory - be forewarned though, it's exactly that -- experimental :-) I however have run it fine and it does seem to work (though I'm not using it now because I reformatted). ...Karl -- Karl Ferguson, Tower Networking Pty Ltd (ACN: 072 322 760) [EMAIL PROTECTED] t/a STAR Online Services [EMAIL PROTECTED] Tel: +61-9-455-3446 Fax: +61-9-455-2776 http://www.star.net.au/
