Shadow password management

Linuxconf fully support shadow password.

No compilation required

Shadow password support is builtin and dynamicly sensed. This means that Linuxconf will adjust itself if it detect the presence of the /etc/shadow file. It will use it to validate and manage users.

There is not compile time option related to shadow password. There is no need to install shadow password prior to compile linuxconf.

Support for extended features

While shadow passwords provide higher security by hiding password is a private file (while /etc/passwd remain generally visible), the shadow password package provide many gadget which enhance greatly user administration. Linuxconf provide a friendly interface to those features. Whenever Linuxconf detect the /etc/shadow file, it extends the user account dialog and the password policies dialog. The following features are then available.

Account expiration date
Password expiration date
Password minimum life time. The password expiration time may force a user to change his password and linuxconf will enforce selection of a new one. Once the password has been changed, the user is not allowed to change it again before some amount of time (potentially to revert to the original password).
Account disabling without loosing the password.

Linuxconf shadow password capability was tested with

RedHat 4.x with PAM
Shadow_in_a_box on RedHat 3.0.3

How to convert to shadow password on RedHat 4.x systems

Linux systems using PAM (Pluggable Access Module) can switch from standard /etc/passwd file to shadow support just by executing the program pwconv5. That's all.