I agree but you originally could not "see" the shadow file with kcheckpass and the fix was to set ownership to root, group to shadow and setgid shadow. The latter of which I thought was just as much a security risk or am I totally wrong? Regards / Mit freundlichem Gruß / Salutations John Monaghan BSc (hons) Computer Science - Software Engineering (AIRS) Software Engineer Front Office Development Hogatex Software GmbH Baldhamer Straße 39, D-85591 Vaterstetten Tel: +49 / (0)8106 / 321-0, Fax:+49 / (0)8106 / 321 -111 mailto:monaghan@hogatex.de http://www.hogatex.com -----Ursprüngliche Nachricht----- Von: Martin Knoblauch [mailto:martin.knoblauch@mscsoftware.com] Gesendet: Freitag, 2. August 2002 12:13 An: Monaghan, John; suse-kde@suse.com Cc: 'Anders Johansson' Betreff: Re: AW: [suse-kde] Fwd: screensaver fails password check On Friday 02 August 2002 12:06, Monaghan, John wrote:
I thought that the shadow file only had to be root-only writable?
Regards / Mit freundlichem Gruß / Salutations
why would you need "shadow" then at all? You could just keep the password hash in /etc/passwd, which also is writable only by root. The whole reason for the shadow exercise is to keep "passwd" readable by everyone and hide the password hash from the evil users :-) Martin -- Martin Knoblauch Senior System Architect MSC.software GmbH Am Moosfeld 13 D-81829 Muenchen, Germany e-mail: martin.knoblauch@mscsoftware.com http://www.mscsoftware.com Phone/Fax: +49-89-431987-189 / -7189 Mobile: +49-174-3069245