Enabling shadow passwords stores them in /etc/shadow which is not world readable unlike /etc/passwd. They would be encrytped regardless of the file they are in.
AlbaClause wrote: > [EMAIL PROTECTED] wrote: > > >> This may only be tangentially related to Python, but since I am coding >> a password authentication system in Python, I thought I would ask here. >> >> In Linux (and presumably other *NIX systems that support it), when >> shadow passwords are enabled, the actual password is not stored. >> Instead an encrypted version is stored. Then, to authenticate the >> password, the system re-encrypts the user's input to see if it matches >> the stored, encrypted version. >> >> > > Correct me if I'm wrong, but I believe that all Linux passwords are > encrypted whether you enable shadow passwords or not. I believe that when > you enable shadow passwords, the encrypted passwords are stored in a file > other than 'passwd'. Is this not correct? > > -- http://mail.python.org/mailman/listinfo/python-list
