Builder AU: Migrating from Shadow Passwords to tcb in Linux

Aug 25, 2006, 11:15 (0 Talkback[s])
(Other stories by Vincent Danen)

WEBINAR: On-demand Event

Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >

"Shadow passwords have been a de facto standard with Linux distributions for years, and as well as the use of md5 passwords. However, there are drawbacks to using the traditional shadow password method, and even md5 is not as secure as it used to be. One drawback to the shadow password file is that any application that requires looking up a single shadow password (i.e., your password) can also look at everyone else's shadow passwords, which means that any compromised tool that can read the shadow file will be able to obtain everyone's shadow password.

"There is an alternative to shadow, called tcb, available from the tcb home page written by the Openwall Project. Migrating to tcb is fairly straightforward, although it can take a bit of work..."

Complete Story

Related Stories:

Enterprise Networking Planet: Pulling The Covers Off Linux PAM(Jun 23, 2005)
SearchEnterpriseLinux: Stopping Intruders with Snort & Friends(May 26, 2005)
NewsForge: Build an IDS with Snort, Shadow, and ACID(Apr 29, 2005)
Linux.com: Unix Password Management(Oct 17, 2000)

Subscribe to Our Daily Newsletter

Current Newswire:

More on LinuxToday

Builder AU: Migrating from Shadow Passwords to tcb in Linux

WEBINAR: On-demand Event