Anyway, if you have somebody on your system that can steal the /etc/shadow file (which is only accessible by root) than your system is already lost.
my cent
Emmerich
not exactly, IHMO. Some people use NIS, for various reasons.
In this case, you do not have shadow protection, so choosing good passwords is crucial.
To make this point clear: I don't propose using weak passwords. I am also afraid of somebody entering one of my machines with guessable passwords. But I am not particularly afraid of him getting more access after he's already been able to do something on my machines (like stealing /etc/shadow). I consider systems (and therefor also networks) where an attacker has been able to do something (especially getting access to the /etc/shadow file) as cracked. The next tools the administrator on such a system should use are fdisk and mkfs. --emmerich