  Linux Shadow Password HOWTO

  Michael H. Jackson, mhjack@tscnet.com.  () ,
  v1.3, 3 April 1996,  1997 2 1

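  This document describes how to obtain, install, and configure the
  Linux Passwd Shadow Suite. It also covers obtaining and reinstalling
  other software and network daemons that need access to user passwords.
  That software is not part of the Shadow Suite, but it must be
  recompiled to support the Shadow Suite. The document also contains a
  programming example for adding shadow support to a program. Answers to
  some frequently asked questions are included near the end.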
  ______________________________________________________________________

   

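  1.      Introduction.

  1.1.    Changes from the previous release.

  1.2.    New versions of this document.

  1.3.    Feedback.

  2.      Why shadow your passwd file?

  2.1.    Why you might NOT want to shadow your passwd file.

  2.2.    Format of the /etc/passwd file

  2.3.    Format of the shadow file

  2.4.    Review of crypt(3).

  3.      Getting the Shadow Suite.

  3.1.    History of the Shadow Suite for Linux

  3.2.    Where to get the Shadow Suite.

  3.3.    What is included with the Shadow Suite.

  4.      Compiling the programs.

  4.1.    Unpacking the archive.

  4.2.    Configuring with the config.h file

  4.3.    Making backup copies of your original programs.

  4.4.    Running make

  5.      Installing

  5.1.    Have a boot disk handy in case you break anything.

  5.2.    Removing duplicate man pages

  5.3.    Running make install

  5.4.    Running pwconv

  5.5.    Renaming npasswd and nshadow

  6.      Other programs you may need to upgrade or patch

  6.1.    Slackware adduser program

  6.2.    The wu_ftpd Server

  6.3.    Standard ftpd

  6.4.    pop3d (Post Office Protocol 3)

  6.5.    xlock

  6.6.    xdm

  6.7.    sudo

  6.8.    imapd (E-Mail pine package)

  6.9.    pppd (Point-to-Point Protocol Server)

  7.      Putting the Shadow Suite to use.

  7.1.    Adding, Modifying, and deleting users

  7.1.1.  useradd

  7.1.2.  usermod

  7.1.3.  userdel

  7.2.    The passwd command and passwd aging.

  7.3.    The login.defs file.

  7.4.    Group passwords.

  7.5.    Consistency checking programs

  7.5.1.  pwck

  7.5.2.  grpck

  7.6.    Dial-up passwords.

  8.      Adding Shadow Support to a C program

  8.1.    Header files

  8.2.    libshadow.a library

  8.3.    The Shadow Structure

  8.4.    Shadow Functions

  8.5.    Example

  9.      Frequently Asked Questions.

  10.     Copyright Message.

  11.     Miscellaneous and Acknowledgments.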
  ______________________________________________________________________

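  1.  Introduction.

  This is the Linux Shadow-Password-HOWTO. It describes why and how to
  add shadow password support to a Linux system. It also includes some
  examples of how to use the features of the Shadow Suite.

  When installing the Shadow Suite and when using many of its utility
  programs, you must be logged in as root. Installing the Shadow Suite
  changes system software, so it is highly recommended that you make
  backup copies of the programs as indicated. I also recommend that you
  read and understand all of the instructions before you begin.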

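  1.1.  Changes from the previous release.

  Additions:
          Added a sub-section on why you might not want to install shadow
          Added a sub-section on updating xdm
          Added a section on putting Shadow Suite features to work
          Added a section of frequently asked questions

  Corrections/Updates:
          Corrected the html references on Sunsite
          Corrected the wu-ftp section to reflect adding -lshadow to the Makefile
          Corrected minor spelling errors
          Changed the wu-ftpd section to support ELF
          Updated to reflect security problems in various login programs
          Updated to recommend the Linux Shadow Suite by Marek Michalkiewicz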

  1.2.  New versions of this document.

  The latest version of this document can be retrieved by anonymous FTP
  from:

  sunsite.unc.edu

  /pub/Linux/docs/HOWTO/Shadow-Password-HOWTO

  or:

  /pub/Linux/docs/HOWTO/other-formats/Shadow-Password-HOWTO{-html.tar,ps,dvi}.gz

  or through the Linux Documentation Project Web Server
  <http://sunsite.unc.edu/mdw/linux.html>, at the page Shadow-Password-HOWTO
  <http://sunsite.unc.edu/linux/HOWTO/Shadow-Password-HOWTO.html>,
  or directly from me (<mhjack@tscnet.com>). It is also posted to the
  newsgroup: comp.os.linux.answers

  This document is now packaged with the Shadow-YYDDMM packages.

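  1.3.  Feedback.

  Please send comments, updates, and suggestions to me (Michael H.
  Jackson <mhjack@tscnet.com>). The sooner I receive them, the sooner I
  can update and correct this document. If you find a problem, please
  mail me directly, because I very rarely keep up with the newsgroups.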

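  2.  Why shadow your passwd file?

  By default, most current Linux distributions do not install the Shadow
  Suite. This includes Slackware 2.3, Slackware 3.0, and other popular
  distributions. One of the reasons is that the copyright notices in the
  original Shadow Suite were not clear about redistribution when a fee
  is charged. Linux uses the GNU copyright (sometimes called Copyleft),
  which allows people to put it into a convenient package (like a CD-ROM)
  and charge a fee for it.

  The current maintainer of the Shadow Suite, Marek Michalkiewicz
  <marekm@i17linuxb.ists.pwr.wroc.pl>, received the source code from the
  original author under a BSD style copyright that allows
  redistribution. Now that the copyright issues are resolved, future
  distributions are expected to include password shadowing by default.
  Until then, you will have to install it yourself.

  If you installed your distribution from a CD-ROM, you may find that,
  even though the distribution did not install the Shadow Suite, some of
  the files you need to install it are on the CD-ROM.

  However, Shadow Suite versions 3.3.1, 3.3.1-2, and shadow-mk all have
  security problems in their login program and in several other suid
  root programs, and should no longer be used.

  All of the necessary files can be obtained by anonymous FTP or through
  the WWW.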

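  On a Linux system without the Shadow Suite, user information including
  the password is stored in /etc/passwd. The password is stored in
  encrypted form. If you ask a cryptography expert, however, he or she
  will tell you that the password is actually encoded rather than
  encrypted, because when crypt(3) is used the text is set to null and
  the password is the key. For that reason, this document uses the term
  encoded from here on.
  ( :  encode encrypt   ϰ
  ϴ.  - ȣ ٲ㾲 -  Դϴٸ, ȣ Ͻ
  е鿡Դ ӽ ٸ Ͱϴ. ̿   ٶϴ.)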

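  The algorithm used to encode the password is technically referred to
  as a one way hash function. It is easy to compute in one direction but
  very difficult to compute in the reverse direction. More about the
  actual algorithm can be found in section 2.4 or in the crypt(3) manual
  page.

  When a user picks or is assigned a password, it is encoded with a
  randomly generated value called the salt. This means that any
  particular password can be stored in 4096 different ways. The salt
  value is stored together with the encoded password.

  When a user logs in and supplies a password, the salt is first
  retrieved from the stored encoded password. The supplied password is
  then encoded with that salt and compared with the stored encoded
  password. If the two match, the user is authenticated.

  It is computationally difficult (but not impossible) to take a
  randomly encoded password and recover the original password. However,
  on any system with more than a few users, at least some of the
  passwords will be common words (or simple variations of them).

  System crackers know this, and will simply encrypt a dictionary of
  words and common passwords with all 4096 possible salt values. They
  then compare the encoded passwords in your /etc/passwd file with their
  database. Once they find a match, they have the password for another
  account. This is called a dictionary attack, and it is one of the most
  common methods of gaining or expanding unauthorized access to a
  system.

  If you think about it, an 8 character password encodes to 4096 * 13
  character strings. A dictionary of 400,000 common words, names,
  passwords, and simple variations would fit on a 4G byte hard drive.
  The attacker only needs to sort it and then search for matches. Since
  a 4G byte hard drive can be had for 10000 dollars, this is well within
  the means of most system crackers.

  Also, if a cracker already has your /etc/passwd file, they only need
  to encode the dictionary with the salt values that actually appear in
  your /etc/passwd file. This method is within reach of a teenager with
  200 Megabytes to spare and a 486 computer.

  Even without much disk space, utilities like crack(1) can usually
  break at least 2 passwords on a system with enough users (assuming the
  users are allowed to pick their own passwords).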

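  The /etc/passwd file also contains information such as user IDs and
  group IDs that many system programs use. For that reason the
  /etc/passwd file must remain world readable. If you changed
  /etc/passwd so that nobody could read it, the first thing you would
  notice is that ls -l shows user IDs instead of user names!

  The Shadow Suite solves this problem by moving the passwords to
  another file (usually /etc/shadow). The /etc/shadow file is set up so
  that not just anyone can read it. Only root can read and write
  /etc/shadow. Some programs (like xlock) do not need to change
  passwords, they only need to verify them. These programs can either be
  run suid root, or you can create a group shadow that has read only
  access to /etc/shadow. The program can then be run sgid shadow.

  By moving the passwords to the /etc/shadow file, we effectively keep
  the attacker from reaching the encoded passwords that a dictionary
  attack needs.

  In addition, the Shadow Suite adds other useful features:

  o  A configuration file for login defaults (/etc/login.defs)

  o  Utilities for adding, modifying, and deleting user accounts and groups

  o  Password aging and expiration

  o  Account expiration and locking

  o  Shadowed group passwords (optional)

  o  Double length passwords (16 character passwords) (NOT RECOMMENDED)

  o  Better control over the user's choice of password

  o  Dial-up passwords

  o  Secondary authentication programs (NOT RECOMMENDED)

  Installing the Shadow Suite contributes to a more secure system.
  However, there are many other things that can be done to improve the
  security of a Linux system, and a series of Linux Security HOWTOs will
  eventually cover other security measures and related issues.

  For current information on other Linux security issues, including
  warnings about known vulnerabilities, visit the Linux Security home
  page <http://bach.cis.temple.edu/linux/linux-security/>.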

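  2.1.  Why you might NOT want to shadow your passwd file.

  There are a few circumstances and configurations in which installing
  the Shadow Suite would NOT be a good idea:

  o  The system has no user accounts.

  o  The system runs on a LAN and uses NIS (Network Information
     Services) to get or supply user names and passwords to other
     machines on the network. (This can actually be done, but it is
     beyond the scope of this document, and it would not increase
     security much anyway.)

  o  The machine is used by terminal servers to verify users through NFS
     (Network File System), NIS, or some other method.

  o  The machine runs other software that validates users, no shadow
     version of it is available, and you do not have the source code.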

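  2.2.  Format of the /etc/passwd file

  A non-shadowed /etc/passwd file has the following format:

       username:passwd:UID:GID:full_name:directory:shell

  Where:

     username
        The user (login) name

     passwd
        The encoded password

     UID
        Numerical user ID

     GID
        Numerical default group ID

     full_name
        The user's full name. This field is actually called the GECOS
        (General Electric Comprehensive Operating System) field and can
        hold information other than the full name. The Shadow commands
        and manual pages refer to this field as the comment field.

     directory
        User's home directory (Full pathname)

     shell
        User's login shell (Full pathname)

  For example:

       username:Npge08pfz4wuk:503:100:Full Name:/home/username:/bin/sh

  Np is the salt and ge08pfz4wuk is the encoded password. The encoded
  salt/password could just as easily have been kbeMVnZM0oL7I, and the
  two represent exactly the same password. There are 4096 possible
  encodings of the same password. (The password in this example is
  'password', which is a really bad password.)

  Once the shadow suite is installed, the /etc/passwd file changes to:

       username:x:503:100:Full Name:/home/username:/bin/sh

  The x in the second field means nothing by itself. (It is just a place
  holder.) The format of the /etc/passwd file did not change; it simply
  no longer contains the encoded password. This means that any program
  that only reads /etc/passwd and does not need to verify passwords
  keeps working without change.

  The passwords are now located in the shadow file (usually the
  /etc/shadow file).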

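  2.3.  Format of the shadow file

  The /etc/shadow file contains the following information:

       username:passwd:last:may:must:warn:expire:disable:reserved

  Where:

     username
        The user name

     passwd
        The encoded password

     last
        Day the password was last changed (in days since Jan 1, 1970)

     may
        Days that must pass after a change before the password may be
        changed again

     must
        Days after which the password must be changed (the password
        validity period)

     warn
        Days before the password expires that the user is warned

     expire
        Days after the password expires until the account is disabled

     disable
        Day the account is disabled (in days since Jan 1, 1970)

     reserved
        A reserved field

  The previous example then becomes: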

       username:Npge08pfz4wuk:9479:0:10000::::
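
  The nine fields above can be checked mechanically. The following C
  code is an added example, not code from the Shadow Suite or from the
  original document: it splits a shadow line into the fields listed in
  this section and reports the aging state for a given day number. The
  function and state names are hypothetical, the fred line in main() is
  constructed, and treating 0 like an empty field ("not in force") is an
  assumption.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Field order from section 2.3:
 * username:passwd:last:may:must:warn:expire:disable:reserved */
#define NFIELDS 9

/* Hypothetical state names used only by this example. */
enum pw_state { PW_OK, PW_WARN, PW_MUST_CHANGE, PW_INACTIVE, PW_DISABLED };

struct shadow_entry {
    char name[64];
    char passwd[128];
    long last, may, must, warn, expire, disable;  /* -1 = field was empty */
};

/* Convert one day-count field; an empty field is legal and stored as -1. */
static int parse_days(const char *s, long *out)
{
    char *end;

    *out = -1;
    if (*s == '\0')
        return 0;
    *out = strtol(s, &end, 10);
    return (*end == '\0' && *out >= 0) ? 0 : -1;
}

/* Split one shadow line. Returns 0 on success, -1 if it is malformed.
 * The split is done by hand: strtok() would silently merge the empty
 * fields in a tail such as "10000::::" and shift every later field. */
int parse_shadow_line(const char *line, struct shadow_entry *e)
{
    char buf[512], *f[NFIELDS], *p;
    int n = 0;

    if (strlen(line) >= sizeof buf)
        return -1;
    strcpy(buf, line);
    buf[strcspn(buf, "\r\n")] = '\0';

    f[n++] = p = buf;
    while ((p = strchr(p, ':')) != NULL) {
        *p++ = '\0';
        if (n == NFIELDS)
            return -1;                    /* more than nine fields */
        f[n++] = p;
    }
    if (n != NFIELDS || f[0][0] == '\0')
        return -1;
    if (strlen(f[0]) >= sizeof e->name || strlen(f[1]) >= sizeof e->passwd)
        return -1;
    strcpy(e->name, f[0]);
    strcpy(e->passwd, f[1]);
    if (parse_days(f[2], &e->last) || parse_days(f[3], &e->may) ||
        parse_days(f[4], &e->must) || parse_days(f[5], &e->warn) ||
        parse_days(f[6], &e->expire) || parse_days(f[7], &e->disable))
        return -1;
    return 0;
}

/* Aging state on day `today` (days since 1 Jan 1970).
 * Assumption: 0 and empty both mean "not in force" for must, warn,
 * expire and disable. */
enum pw_state shadow_state(const struct shadow_entry *e, long today)
{
    long age;

    if (e->disable > 0 && today >= e->disable)
        return PW_DISABLED;               /* account disable date reached */
    if (e->must <= 0 || e->last < 0)
        return PW_OK;                     /* no maximum password age */
    age = today - e->last;
    if (age > e->must) {
        if (e->expire > 0 && age > e->must + e->expire)
            return PW_INACTIVE;           /* grace period after expiry is over */
        return PW_MUST_CHANGE;
    }
    if (e->warn > 0 && age >= e->must - e->warn)
        return PW_WARN;
    return PW_OK;
}

/* State for a raw line, or -1 if the line does not parse. */
int line_state(const char *line, long today)
{
    struct shadow_entry e;
    return parse_shadow_line(line, &e) ? -1 : (int)shadow_state(&e, today);
}

int main(void)
{
    /* Constructed sample: 60-day maximum, 14-day warning, 14-day grace. */
    const char *sample = "fred:J0C.WDR1amIt6:9559:0:60:14:14:10119:0";
    printf("day 9620 -> state %d\n", line_state(sample, 9620));
    return 0;
}
```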

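  2.4.  Review of crypt(3).

  From the crypt(3) manual page:

  "crypt is the password encryption function. It is based on the Data
  Encryption Standard algorithm with variations intended (among other
  things) to discourage the use of hardware implementations of a key
  search.

  The key is the password typed by the user. The encoded string is all
  NULLs.

  The salt is a two-character string chosen from the set a-zA-Z0-9./
  This string is used to perturb the algorithm in one of 4096 different
  ways.

  By taking the lowest 7 bits of each character of the key, a 56-bit key
  is obtained. This 56-bit key is used to encrypt a constant string
  repeatedly. The result is a series of 13 ASCII characters that
  represents the encrypted password (the first two characters are the
  salt itself). The return value points to static data that is
  overwritten by each call.

  Warning: the key space consists of 2**56, or 7.2e16, possible values.
  Exhaustive searches of this key space are possible with massively
  parallel computers. Software such as crack(1) is available that
  searches the portion of this key space that people generally use for
  passwords. Password selection should therefore, at minimum, avoid
  common words and names. Using a passwd program that checks for
  crackable passwords during selection is recommended.

  The DES algorithm itself has a few quirks which make the use of the
  crypt(3) interface a very poor choice for anything other than password
  authentication. If you are planning on using the crypt(3) interface
  for a cryptography project, don't do it: get a good book on encryption
  and one of the widely available DES libraries."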

  ( :  The DES algorithm itself has a few quirks which make
  the use of the crypt(3) interface a very poor choice for anything
  other than password authentication. If you are planning on using the
  crypt(3) interface for a cryptography project, don't do it: get a good
  book on encryption and one of the widely available DES libraries."
  Դϴ.  ߿ don't do it: get ...κ ſ ָմϴ. it
   Ű  Ȯ ʽϴ. ϴ, get ... ϴ 
  ϰ  ߴ ...)

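  Most Shadow Suites contain code for doubling the password length to 16
  characters. Experts in des recommend against this, because the longer
  password is simply encoded as a first half and then a second half.
  Because of the way crypt works, this can produce a less secure encoded
  password than not using double length passwords at all. In addition,
  users are less likely to remember a 16 character password.

  Work is under way that would allow the authentication algorithm to be
  replaced with something more secure that supports longer passwords
  (specifically, the MD5 algorithm) while keeping compatibility with the
  crypt method.

  If you are looking for a good book on encryption, I recommend:

          "Applied Cryptography: Protocols, Algorithms, and Source Code in C"
          by Bruce Schneier <schneier@chinet.com>
          ISBN: 0-471-59756-2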

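  3.  Getting the Shadow Suite.

  3.1.  History of the Shadow Suite for Linux

  DO NOT USE THE PACKAGES DESCRIBED IN THIS SECTION. SECURITY PROBLEMS
  HAVE BEEN FOUND IN THEM.

  The original Shadow Suite was written by John F. Haugh II.

  Several versions have been used on Linux systems:

  o  shadow-3.3.1 is the original.

  o  shadow-3.3.1-2 is a Linux specific patch made by Florian La Roche
     <flla@stud.uni-sb.de> and contains some further enhancements.

  o  shadow-mk was packaged specifically for Linux.

  The shadow-mk package contains the shadow-3.3.1 package distributed by
  John F. Haugh II with the shadow-3.3.1-2 patch applied. It also
  includes a few fixes by Mohan Kokal <magnus@texas.net> that make
  installation easier, a patch by Joseph R.M. Zbiciak for login1.c
  (login.secure) that removes the -f, -h security holes in /bin/login,
  and some other miscellaneous patches.

  The shadow.mk package was the previously recommended package, but it
  should be replaced because of a security problem in its login program.

  Shadow 3.3.1, 3.3.1-2, and shadow-mk have a security problem in the
  login program. The login bug is that the length of the login name is
  not checked. This causes a buffer overflow that leads to crashes or
  worse. It has been rumored that this buffer overflow, together with
  shared libraries, lets someone with an account on the system gain root
  access. I will not discuss exactly how this is possible, because many
  Linux systems are affected: systems with these (buggy) Shadow Suites
  installed, and most pre-ELF distributions without the Shadow Suite,
  are vulnerable.

  For more information on this and other Linux security issues, see the
  Linux Security home page (Shared Libraries and login Program
  Vulnerability)
  <http://bach.cis.temple.edu/linux/linux-security/Linux-Security-FAQ/Linux-telnetd.html>.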

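  3.2.  Where to get the Shadow Suite.

  The only recommended Shadow Suite is still in BETA testing. However,
  the latest versions are safe and do not contain the vulnerable login
  program.

  The package uses the following naming convention:

       shadow-YYMMDD.tar.gz

  where YYMMDD is the release date of the Suite.

  This version will eventually become Version 3.3.3 when it leaves Beta
  testing, and it is maintained by Marek Michalkiewicz
  <marekm@i17linuxb.ists.pwr.wroc.pl>. It is available as
  shadow-current.tar.gz
  <ftp://i17linuxb.ists.pwr.wroc.pl/pub/linux/shadow/shadow-current.tar.gz>.

  It is also available from the following mirror sites:

  o  ftp://ftp.icm.edu.pl/pub/Linux/shadow/shadow-current.tar.gz

  o  ftp://iguana.hut.fi/pub/linux/shadow/shadow-current.tar.gz

  o  ftp://ftp.cin.net/usr/ggallag/shadow/shadow-current.tar.gz

  o  ftp://ftp.netural.com/pub/linux/shadow/shadow-current.tar.gz

  You should use the currently available version.

  Do NOT use a version older than shadow-960129: older versions have the
  login problem discussed above.

  When this document refers to the Shadow Suite, it means this version.
  It is assumed that this is the package you are using.

  For reference, I used shadow-960129 while writing these installation
  instructions.

  If you previously used shadow-mk, you should upgrade to this version
  and rebuild everything that you compiled before.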

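  3.3.  What is included with the Shadow Suite.

  The Shadow Suite contains replacements for the following programs:

  su, login, passwd, newgrp, chfn, chsh, id

  It also contains these new programs:

  chage, newusers, dpasswd, gpasswd, useradd, userdel, usermod,
  groupadd, groupdel, groupmod, groups, pwck, grpck, lastlog, pwconv,
  pwunconv

  In addition, the library libshadow.a is included for writing and
  compiling programs that need to access user passwords.

  Manual pages for the programs are included as well.

  There is also a configuration file for the login program, which is
  installed as /etc/login.defs.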

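  4.  Compiling the programs.

  4.1.  Unpacking the archive.

  The first step after retrieving the package is to unpack it. The
  package is a tar (tape archive) file compressed with gzip, so move it
  to /usr/src and type:

       tar -xzvf shadow-current.tar.gz

  This unpacks it into the directory /usr/src/shadow-YYMMDD.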

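  4.2.  Configuring with the config.h file

  First, copy the Makefile and config.h into place:

       cd /usr/src/shadow-YYMMDD
       cp Makefile.linux Makefile
       cp config.h.linux config.h

  Then take a look at config.h. This file contains the definitions for
  several configuration options. If you are using the recommended
  package, I recommend that you disable group shadow support the first
  time around.

  By default, shadowed group passwords are enabled. To disable them,
  change #define SHADOWGRP to #undef SHADOWGRP in config.h. I recommend
  starting with them disabled. If you later want group passwords and
  group administrators, enable the option again and recompile. If you
  leave it enabled, you must create the /etc/gshadow file.

  Enabling the long passwords option is NOT recommended, as discussed
  above.

  Do NOT change the setting #undef AUTOSHADOW.

  The AUTOSHADOW option was originally meant to let programs that know
  nothing about shadow keep working. This sounds good in theory, but it
  does not work correctly. With this option enabled, a program running
  as root may call getpwnam() as root and later write the entry back to
  the /etc/passwd file (with a password that is no longer shadowed).
  Such programs include chfn and chsh. (Swapping the real and effective
  uid before calling getpwnam() does not get around this, because root
  may run chfn and chsh too. (: ȣϳ׿. system
  programming  배 ... ƽô   ٶϴ.))

  The same applies when building libc, which has a SHADOW_COMPAT option
  that does the same thing. It should NOT be used! If encoded passwords
  start showing up in /etc/passwd again, this is the cause.

  If you are using a libc version prior to 4.6.27, you need to make a
  few more changes to config.h and the Makefile. In config.h change:

       #define HAVE_BASENAME

  to:

       #undef HAVE_BASENAME

  And in the Makefile change:

       SOBJS = smain.o env.o entry.o susetup.o shell.o \
               sub.o mail.o motd.o sulog.o age.o tz.o hushed.o

       SSRCS = smain.c env.c entry.c setup.c shell.c \
               pwent.c sub.c mail.c motd.c sulog.c shadow.c age.c pwpack.c rad64.c \
               tz.c hushed.c

  to:

       SOBJS = smain.o env.o entry.o susetup.o shell.o \
               sub.o mail.o motd.o sulog.o age.o tz.o hushed.o basename.o

       SSRCS = smain.c env.c entry.c setup.c shell.c \
               pwent.c sub.c mail.c motd.c sulog.c shadow.c age.c pwpack.c rad64.c \
               tz.c hushed.c basename.c

  These changes add the code in basename.c, which is included in libc
  4.6.27 and later.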

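  4.3.  Making backup copies of your original programs.

  It is a good idea to make backup copies of the programs that the
  shadow suite replaces. On Slackware 3.0 these are:

  o  /bin/su

  o  /bin/login

  o  /usr/bin/passwd

  o  /usr/bin/newgrp

  o  /usr/bin/chfn

  o  /usr/bin/chsh

  o  /usr/bin/id

  The Makefile in the BETA package has a target for making these
  backups, but it is commented out because different distributions put
  the programs in different places.

  You should also make a backup copy of your /etc/passwd file. If you
  put it in the same directory, give it a different name so that you do
  not overwrite the passwd command.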

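  4.4.  Running make

  You need to be root for most of the installation.

  Run make to compile the package:

       make all

  You may see the warning: rcsid defined but not used. This is harmless;
  it appears because the author uses a version control package.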

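  5.  Installing

  5.1.  Have a boot disk handy in case you break anything.

  In case something goes wrong, you should have a boot disk ready. If
  you made a boot/root disk when you installed, that will do. Otherwise,
  see the Bootdisk-HOWTO
  <http://sunsite.unc.edu/mdw/HOWTO/Bootdisk-HOWTO.html>, which
  describes how to make a bootable disk.

  5.2.  Removing duplicate man pages

  You should also move the manual pages that are about to be replaced.
  Even if you install the Shadow Suite without making backups, you will
  want to remove the old manual pages. The old manual pages are usually
  compressed, so the new ones will not overwrite them.

  You can use the man -aW command and the locate command to find the
  manual pages that need to be removed or moved. It is generally easier
  to find the old pages before you run make install.

  If you are using Slackware 3.0, the man pages to remove are:

  o  /usr/man/man1/chfn.1.gz

  o  /usr/man/man1/chsh.1.gz

  o  /usr/man/man1/id.1.gz

  o  /usr/man/man1/login.1.gz

  o  /usr/man/man1/passwd.1.gz

  o  /usr/man/man1/su.1.gz

  o  /usr/man/man5/passwd.5.gz

  There may also be pages with the same names in the /var/man/cat[1-9]
  subdirectories that need to be removed.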

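  5.3.  Running make install

  You are now ready to type (do this as root):

       make install

  This installs the new and replacement programs and fixes the file
  permissions. It also installs the man pages.

  It also installs the Shadow Suite include files in
  /usr/include/shadow.

  With the BETA package, you must copy login.defs to /etc by hand and
  make sure that only root can change it.

       cp login.defs /etc
       chmod 700 /etc/login.defs

  This file is the configuration file for the login program. Review it
  and adjust it for your system. This is where you decide which ttys
  root may log in from and set other security policy (such as the
  password expiration defaults).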

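  5.4.  Running pwconv

  The next step is to run pwconv. This must also be done as root, and is
  best done from the /etc directory:

       cd /etc
       /usr/sbin/pwconv

  pwconv takes your /etc/passwd file and splits its fields into two
  files: /etc/npasswd and /etc/nshadow.

  A pwunconv program is also provided in case you need to make a normal
  /etc/passwd file out of /etc/passwd and /etc/shadow.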

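  5.5.  Renaming npasswd and nshadow

  Running pwconv created /etc/npasswd and /etc/nshadow. These need to
  become /etc/passwd and /etc/shadow. We also want a backup copy of the
  original /etc/passwd that only root can read. We put the backup in
  root's home directory:

       cd /etc
       cp passwd ~/passwd
       chmod 600 ~/passwd
       mv npasswd passwd
       mv nshadow shadow

  Make sure that the file ownerships and permissions are correct. If you
  use X-Windows, the xlock and xdm programs need to be able to read the
  shadow file (but not write it).

  There are two ways to do this. You can make xlock suid root (xdm
  usually runs as root anyway). Or you can make the shadow file owned by
  root with group shadow. Before you do that, make sure that a shadow
  group exists (look in /etc/group). No user on the system should
  actually be a member of the shadow group.

       chown root.root passwd
       chown root.shadow shadow
       chmod 0644 passwd
       chmod 0640 shadow

  Your system now has a shadowed password file. You should now switch to
  another virtual terminal and verify that you can log in.

  Do this now!

  If you cannot log in, something is wrong! To get back to a
  non-shadowed state, do the following:

       cd /etc
       cp ~/passwd passwd
       chmod 644 passwd

  Then put the files that you saved earlier back in their original
  locations.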

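  6.  Other programs you may need to upgrade or patch

  Even though the shadow suite includes replacements for most programs
  that need to access passwords, most systems have additional programs
  that need access to passwords.

  If you are running a Debian distribution (or even if you are not), you
  can get Debian sources for the programs that need to be rebuilt from
  ftp://ftp.debian.org/debian/stable/source/.

  The rest of this section describes how to upgrade adduser, wu_ftpd,
  ftpd, pop3d, xlock, xdm, and sudo so that they support the shadow
  suite.

  To add shadow support to any other program, see the section ``Adding
  Shadow Support to a C program'' (the program must then be run SUID
  root or SGID shadow to be able to read the shadow file).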

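  6.1.  Slackware adduser program

  Slackware (and possibly some other distributions) contains an
  interactive program for adding users called /sbin/adduser. A shadow
  version of this program can be obtained from
  ftp://sunsite.unc.edu/pub/Linux/system/Admin/accounts/adduser.shadow-1.4.tar.gz.

  I recommend using the programs that come with the Shadow Suite
  (useradd, usermod, userdel) instead of the slackware adduser. They
  take a little time to learn, but it is worth the effort: they give you
  much more control, and they perform proper file locking on /etc/passwd
  and /etc/shadow (adduser does not).

  See the section ``Putting the Shadow Suite to use'' for more
  information.

  If you still want it, do the following:

       tar -xzvf adduser.shadow-1.4.tar.gz
       cd adduser
       make clean
       make adduser
       chmod 700 adduser
       cp adduser /sbin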
  6.2.  The wu_ftpd Server

  Most Linux systems contain the wu_ftpd server. If your distribution
  did not come with shadow installed, your wu_ftpd was not compiled with
  shadow support. wu_ftpd is started from inetd/tcpd as a root process.
  If you are running an old wu_ftpd daemon, you should upgrade anyway,
  because older versions have a bug that allows the root account to be
  compromised (see the Linux security home page
  <http://bach.cis.temple.edu/linux/linux-security/Linux-Security-FAQ/Linux-wu.ftpd-2.4-Update.html>).

  You only need to get the source code and compile it with shadow
  support.

  If you are not on an ELF system, the wu_ftp server can be found on
  sunsite as wu-ftp-2.4-fixed.tar.gz
  <ftp://sunsite.unc.edu/pub/Linux/system/Network/file-transfer/wu-ftpd-2.4-fixed.tar.gz>.

  Once you have retrieved it, put it in /usr/src and type:

       cd /usr/src
       tar -xzvf wu-ftpd-2.4-fixed.tar.gz
       cd wu-ftpd-2.4-fixed
       cp ./src/config/config.lnx.shadow ./src/config/config.lnx

  Then edit ./src/makefiles/Makefile.lnx and change:

       LIBES    = -lbsd -support

  to:

       LIBES    = -lbsd -support -lshadow

  Now you are ready to run the build script and install:

       cd /usr/src/wu-ftpd-2.4-fixed
       /usr/src/wu-ftpd-2.4-fixed/build lnx
       cp /usr/sbin/wu.ftpd /usr/sbin/wu.ftpd.old
       cp ./bin/ftpd /usr/sbin/wu.ftpd

  This compiles with the Linux shadow configuration file and installs
  the server.

  On my Slackware 2.3 system I also had to do the following before
  running build:

       cd /usr/include/netinet
       ln -s in_systm.h in_system.h
       cd -

  Problems have been reported when compiling this package on ELF
  systems, but the Beta version of the next release works fine. It is
  wu-ftp-2.4.2-beta-10.tar.gz
  <ftp://tscnet.com/pub/linux/network/ftp/wu-ftpd-2.4.2-beta-10.tar.gz>.

  Once you have retrieved it, put it in /usr/src and type:

       cd /usr/src
       tar -xzvf wu-ftpd-2.4.2-beta-9.tar.gz
       cd wu-ftpd-beta-9
       cd ./src/config

  Then edit config.lnx and change:

       #undef SHADOW.PASSWORD

  to:

       #define SHADOW.PASSWORD

  Then:

       cd ../Makefiles

  Edit Makefile.lnx and change:

       LIBES = -lsupport -lbsd # -lshadow

  to:

       LIBES = -lsupport -lbsd -lshadow

  Then build and install:

       cd ..
       build lnx
       cp /usr/sbin/wu.ftpd /usr/sbin/wu.ftpd.old
       cp ./bin/ftpd /usr/sbin/wu.ftpd

  Check your /etc/inetd.conf file to confirm where your wu.ftpd server
  really lives. Some distributions are reported to put the server
  daemons in different places, and wu.ftpd in particular may have a
  different name.

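  6.3.  Standard ftpd

  If you are running the standard ftpd server, I recommend upgrading to
  the wu_ftpd server. Apart from the bug mentioned above, it is
  generally considered to be more secure.

  If you insist on the standard one, or you need NIS support, Sunsite
  has ftpd-shadow-nis.tgz
  <ftp://sunsite.unc.edu/pub/Linux/system/Network/file-transfer/ftpd-shadow-nis.tgz>.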

  6.4.  pop3d (Post Office Protocol 3)

  If you need POP3, you will need to recompile a pop3d program. pop3d is
  normally run as root by inetd/tcpd.

  Two versions are available from Sunsite:
  pop3d-1.00.4.linux.shadow.tar.gz
  <ftp://sunsite.unc.edu/pub/Linux/system/Mail/pop/pop3d-1.00.4.linux.shadow.tar.gz>
  and pop3d+shadow+elf.tar.gz
  <ftp://sunsite.unc.edu/pub/Linux/system/Mail/pop/pop3d+shadow+elf.tar.gz>

  Both are easy to install.

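  6.5.  xlock

  If you install the shadow suite and then lock the screen with xlock
  without upgrading the X Windows System, you will have to switch to
  another tty with Ctrl-Alt-Fx, log in, and kill the xlock process (or
  kill the X server with Ctrl-Alt-BS). Fortunately, upgrading the xlock
  program is easy.

  If you are running XFree86 3.x.x, you are probably using xlockmore
  (which is a great screen-saver in addition to a lock). This package
  can be compiled with shadow support. If you have an older xlock, I
  recommend upgrading to this one.

  xlockmore-3.7.tgz is available at
  <ftp://sunsite.unc.edu/pub/Linux/X11/xutils/screensavers/xlockmore-3.7.tgz>.

  Basically, this is what you need to do.

  Get xlockmore-3.7.tgz and unpack it in /usr/src:

       tar -xzvf xlockmore-3.7.tgz

  In the file /usr/X11R6/lib/X11/config/linux.cf, change the line:

       #define HasShadowPasswd    NO

  to:

       #define HasShadowPasswd    YES

  Then build the executables:

       cd /usr/src/xlockmore
       xmkmf
       make depend
       make

  Then move everything into place and set the ownerships and
  permissions:

       cp xlock /usr/X11R6/bin/
       cp XLock /var/X11R6/lib/app-defaults/
       chown root.shadow /usr/X11R6/bin/xlock
       chmod 2755 /usr/X11R6/bin/xlock
       chown root.shadow /etc/shadow
       chmod 640 /etc/shadow

  Your xlock will now work correctly.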

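  6.6.  xdm

  xdm presents a login screen under X-Windows. Some systems start xdm
  when the system enters a particular run level (see /etc/inittab).

  Once the Shadow Suite is installed, xdm needs to be updated. This is
  easy to do.

  xdm.tar.gz is available at
  <ftp://sunsite.unc.edu/pub/Linux/X11/xutils/xdm.tar.gz>.

  Get xdm.tar.gz and unpack it in /usr/src:

       tar -xzvf xdm.tar.gz

  In /usr/X11R6/lib/X11/config/linux.cf, change the line:

       #define HasShadowPasswd    NO

  to:

       #define HasShadowPasswd    YES

  Then build the executables:

       cd /usr/src/xdm
       xmkmf
       make depend
       make

  Then move it into place:

       cp xdm /usr/X11R6/bin/

  xdm runs as root, so its permissions do not need to be changed.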

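  6.7.  sudo

  sudo lets a system administrator allow users to run programs that
  would normally require root access. It is useful because users can do
  things like mounting drives while the administrator limits access to
  the root account itself.

  sudo needs to read passwords because it verifies the user's password
  when it is invoked. sudo already runs SUID root, so reading the
  /etc/shadow file is not a problem.

  sudo for the shadow suite is available at
  <ftp://sunsite.unc.edu/pub/Linux/system/Admin/sudo-1.2-shadow.tgz>.

  Warning: when you install sudo, your /etc/sudoers file is replaced
  with the default one. If you have added anything to it, make a backup
  first (or edit the Makefile and remove the line that copies the
  default file to /etc).

  The package is already set up for shadow, so all you need to do is
  compile it (put it in /usr/src):

       cd /usr/src
       tar -xzvf sudo-1.2-shadow.tgz
       cd sudo-1.2-shadow
       make all
       make install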

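  6.8.  imapd (E-Mail pine package)

  imapd is an E-mail server similar to pop3d. imapd comes with the Pine
  E-mail package. The documentation in the package says that shadow
  support is the default on linux systems, but I have found that this is
  not true. In addition, the build script/Makefile in this package makes
  it very difficult to add the libshadow.a library at compile time, so I
  have not been able to make imapd support shadow.

  If anyone has figured this out, please E-mail me and I will include
  the solution here.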

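  6.9.  pppd (Point-to-Point Protocol Server)

  The pppd server can be set up to use several types of authentication:
  Password Authentication Protocol (PAP) and Cryptographic Handshake
  Authentication Protocol (CHAP). The pppd server usually reads the
  passwords it uses from /etc/ppp/chap-secrets and/or
  /etc/ppp/pap-secrets. If you use pppd this way, you do not need to
  reinstall pppd.  (: ppp password  дٴ  ...)

  pppd also accepts a login parameter (on the command line, or in the
  configuration or option file). When the login option is given, pppd
  uses the username and password in /etc/passwd for PAP. This no longer
  works once the password file is shadowed. For pppd-1.2.1d, code for
  shadow support has to be added.

  The example in the next section adds shadow support to pppd-1.2.1d (an
  older version of pppd).

  pppd-2.2.0 already supports shadow.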

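  7.  Putting the Shadow Suite to use.

  This section covers some of the things you will want to know once the
  Shadow Suite is installed on your system. More detail is in the manual
  page for each command.

  7.1.  Adding, Modifying, and deleting users

  The Shadow Suite adds the following command line commands for adding,
  modifying, and deleting users. You may also have installed the adduser
  program.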

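  7.1.1.  useradd

  The useradd command adds users to the system. It is also used to
  change the default settings.

  The first thing to do is examine the default settings and adjust them
  for your system:

       useradd -D

  ______________________________________________________________________
  GROUP=1
  HOME=/home
  INACTIVE=0
  EXPIRE=0
  SHELL=
  SKEL=/etc/skel
  ______________________________________________________________________

  The defaults are probably not what you want. If you started adding
  users now, you would have to specify all of the information for each
  user. So we change the defaults first.

  On my system:

  o  The default group is 100.

  o  Passwords are changed once every 60 days.

  o  I do not want an account locked because its password has expired.

  o  The default shell is /bin/bash.

  To make these changes:

       useradd -D -g100 -e60 -f0 -s/bin/bash

  Now useradd -D reports:

  ______________________________________________________________________
  GROUP=100
  HOME=/home
  INACTIVE=0
  EXPIRE=60
  SHELL=/bin/bash
  SKEL=/etc/skel
  ______________________________________________________________________

  These defaults are stored in /etc/default/useradd.

  Now you can use useradd to add users to the system. For example, to
  add the user fred using the defaults:

       useradd -m -c "Fred Flintstone" fred

  This creates the following entry in the /etc/passwd file:

       fred:*:505:100:Fred Flintstone:/home/fred:/bin/bash

  and the following entry in the /etc/shadow file:

       fred:!:0:0:60:0:0:0:0

  fred's home directory is created, and because of the -m switch the
  contents of /etc/skel are copied into it.

  Since we did not specify a UID, the next available UID was used.

  fred's account now exists, but fred cannot log in until we unlock the
  account. To unlock it, we change the password.

       passwd fred

  ______________________________________________________________________
  Changing password for fred
  Enter the new password (minimum of 5 characters)
  Please use a combination of upper and lower case letters and numbers.
  New Password: *******
  Re-enter new password: *******
  ______________________________________________________________________

  Now /etc/shadow contains:

       fred:J0C.WDR1amIt6:9559:0:60:0:0:0:0

  and fred can log in and use the system. The nice thing about useradd
  and the other programs in the Shadow Suite is that their changes to
  the /etc/passwd and /etc/shadow files do not interfere with each
  other. If you add a user while another user is changing their own
  password, both operations are carried out correctly.
  (: mutex lock, race condition  ϸ
   Ͱϴ.)

  It is better to use these commands than to edit /etc/passwd and
  /etc/shadow directly. If you were editing the /etc/shadow file, a user
  changed their password in the meantime, and you then saved the file
  you were editing, the user's change would be lost.

  Here is a small interactive script that uses useradd and passwd: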

  ______________________________________________________________________
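  #!/bin/bash
  #
  # /sbin/newuser - A script to add users to the system using the Shadow
  #                 Suite's useradd and passwd commands.
  #
  # Written by Mike Jackson <mhjack@tscnet.com> as an example for the Linux
  # Shadow Password Howto.  Permission to use and modify is expressly granted.
  #
  # This could be modified to show the defaults and allow them to be changed,
  # like the Slackware Adduser program.  It could also be modified to reject
  # bad input.  (i.e. better error checking...)
  #
  ##
  #  Defaults for the useradd command
  ##
  GROUP=100        # Default Group
  HOME=/home       # Home directory location (/home/username)
  SKEL=/etc/skel   # Skeleton Directory
  INACTIVE=0       # Days after the password expires until the account
                   # is disabled (0=never)
  EXPIRE=60        # Days that a password lasts
  SHELL=/bin/bash  # Default Shell (full path)
  ##
  #  Defaults for the passwd command
  ##
  PASSMIN=0        # Days that must pass between password changes
  PASSWARN=14      # Days of warning before the password expires
  ##
  #  Ensure that root is running the script.
  ##
  WHOAMI=`/usr/bin/whoami`
  if [ "$WHOAMI" != "root" ]; then
          echo "You must be root to add new users!"
          exit 1
  fi
  ##
  #  Ask for the username and full name.
  ##
  echo ""
  echo -n "Username: "
  read -r USERNAME
  echo -n "Full name: "
  read -r FULLNAME
  # Refuse an empty username instead of passing it on to useradd.
  if [ -z "$USERNAME" ]; then
          echo "No username given."
          exit 1
  fi
  #
  echo "Adding user: $USERNAME."
  #
  # Note that the "" around $FULLNAME is required.  This field almost
  # always contains at least one space, and without the quotes useradd
  # would take everything after the space as the next parameter.
  #
  /usr/sbin/useradd -c"$FULLNAME" -d"$HOME/$USERNAME" -e"$EXPIRE" \
          -f"$INACTIVE" -g"$GROUP" -m -k"$SKEL" -s"$SHELL" "$USERNAME"
  ##
  #  Set the password defaults.
  ##
  /bin/passwd -n "$PASSMIN" -w "$PASSWARN" "$USERNAME" >/dev/null 2>&1
  ##
  #  Let the passwd command ask for the password.
  ##
  /bin/passwd "$USERNAME"
  ##
  #  Show what was done.
  ##
  echo ""
  echo "Entry from /etc/passwd:"
  echo -n "   "
  grep "^$USERNAME:" /etc/passwd
  echo "Entry from /etc/shadow:"
  echo -n "   "
  grep "^$USERNAME:" /etc/shadow
  echo "Summary output of the passwd command:"
  echo -n "   "
  passwd -S "$USERNAME"
  echo ""
  ______________________________________________________________________

  Using a script like this to add new users is preferable to editing
  /etc/passwd and /etc/shadow directly or to using the Slackware
  adduser. Feel free to adapt it to your particular system.

  For more information on useradd, see the manual page.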

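  7.1.2.  usermod

  usermod modifies the information on a user. Its options are similar to
  those of useradd.

  To change fred's shell, type:

       usermod -s /bin/tcsh fred

  fred's entry in the /etc/passwd file now looks like this:

       fred:*:505:100:Fred Flintstone:/home/fred:/bin/tcsh

  Now let's make fred's account expire on 09/15/97:

       usermod -e 09/15/97 fred

  fred's entry in the /etc/shadow file becomes:

       fred:J0C.WDR1amIt6:9559:0:60:0:0:10119:0

  For more information on usermod, see the manual page.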

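  7.1.3.  userdel

  userdel does just what you would expect: it deletes the user's
  account.

       userdel -r username

  The -r option removes all files in the user's home directory along
  with the directory itself. Files in other locations have to be found
  and deleted by hand.

  If you only want to lock an account rather than delete it, use the
  passwd command instead.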

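  7.2.  The passwd command and passwd aging.

  The passwd command is used to change passwords, as its name suggests.
  In addition, root can use it to:

  o  Lock and unlock accounts (-l and -u)

  o  Set the password validity period (-x)

  o  Set the number of days to wait before the password can be changed
     again (-n)

  o  Set how many days before expiry the user is warned (-w)

  o  Set how many days after the password expires the account is locked
     (-i)

  o  Show account information in a clearer format (-S)

  Let's look at fred again:

       passwd -S fred
       fred P 03/04/96 0 60 0 0

  This means that fred's password is valid, it was last changed on
  03/04/96, and it can be changed at any time. The password must be
  changed after 60 days, fred will not be warned, and the account will
  not be disabled when the password expires.

  So if fred logs in after the password has expired, he will be asked
  for a new password.

  To warn fred 14 days before his password expires and to make the
  account inactive 14 days after it expires:

       passwd -w14 -i14 fred

  fred's information then changes to:

       fred P 03/04/96 0 60 14 14

  For more information on passwd, see the manual page.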

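  7.3.  The login.defs file.

  The /etc/login.defs file is the configuration file for the login
  program and for the Shadow Suite as a whole.

  /etc/login.defs contains settings that range from what the prompts
  look like to the default expiration applied when a user changes their
  password.

  The /etc/login.defs file is well documented by the comments it
  contains. A few things to note:

  o  It contains on/off flags that determine how much logging takes
     place.

  o  It contains pointers to other configuration files.

  o  It contains default values for things like password aging.

  As this list shows, it is an important file. Make sure that it is
  present and that its settings suit your system.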

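  7.4.  Group passwords.

  The /etc/group file may contain passwords that allow a user to become
  a member of a particular group. This feature is enabled when SHADOWGRP
  is defined in /usr/src/shadow-YYMMDD/config.h.

  If you enable it, you must create an /etc/gshadow file to hold the
  group passwords and the group administrator information.

  When you created /etc/shadow you used pwconv. There is no equivalent
  program for creating /etc/gshadow, but that does not matter; it takes
  care of itself.

  To create the initial /etc/gshadow file:

       touch /etc/gshadow
       chown root.root /etc/gshadow
       chmod 700 /etc/gshadow

  When you create new groups, they are added to the /etc/group and
  /etc/gshadow files. When you add or remove group members, or change a
  group password, the /etc/gshadow file is changed.

  The programs groups, groupadd, groupmod, and groupdel are provided as
  part of the Shadow Suite for modifying groups.

  The format of the /etc/group file is as follows:

       groupname:!:GID:member,member,...

  Where:

     groupname
        The name of the group

     !  This field normally holds the password, which is now in the
        /etc/gshadow file.

     GID
        The group ID number

     member
        List of group members

  The format of the /etc/gshadow file is as follows:

       groupname:password:admin,admin,...:member,member,...

  Where:

     groupname
        The name of the group

     password
        The encoded group password.

     admin
        List of group administrators

     member
        List of group members

  The gpasswd command is used to add or remove group administrators and
  members. root or a group administrator can add and remove group
  members.

  The group password can be changed with the passwd command by root or
  by a group administrator.

  There is no manual page for gpasswd yet, but typing gpasswd without
  parameters prints a list of its options. Once you understand the file
  formats, it is fairly easy to see how it all works.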

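  7.5.  Consistency checking programs

  7.5.1.  pwck

  The pwck program checks the /etc/passwd and /etc/shadow files for
  consistency. For each user it verifies:

  o  the correct number of fields

  o  a unique user name

  o  a valid user and group id

  o  a valid primary group

  o  a valid home directory

  o  a valid login shell

  It also warns about any account that has no password.

  It is a good idea to run pwck after installing the Shadow Suite. It is
  also a good idea to run it periodically. With the -r option, you can
  run it from cron and have the report delivered to you.

  7.5.2.  grpck

  The grpck program checks the /etc/group and /etc/gshadow files for
  consistency. It performs the following checks:

  o  the correct number of fields

  o  a unique group name

  o  a valid list of members and administrators

  It also has a -r option for automated reports.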

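  7.6.  Dial-up passwords.

  Dial-up passwords are another optional line of defense for systems
  that allow dial-in access. If many people can connect to your system
  locally or over a network, but you want to limit who can dial in, then
  dial-up passwords are the solution. To enable dial-up passwords, set
  DIALUPS_CHECK_ENAB to yes in /etc/login.defs.

  Two files hold the dial-up information. /etc/dialups contains the ttys
  (one per line, with the leading "/dev/" removed). If a tty is listed
  there, the dial-up checks are performed.

  The second file is /etc/d_passwd. This file contains the full pathname
  of a shell and a password.

  If a user logs in on a tty that is listed in /etc/dialups and the
  user's shell is listed in /etc/d_passwd, the user must supply the
  correct password.

  Another use for dial-up passwords is to set up a line that only allows
  a certain kind of connection (usually PPP or UUCP). If a user tries to
  get another kind of connection (for example, one of the listed
  shells), the user must know the password for that line.

  Before you can use the dial-up feature, you must create the files.

  The dpasswd command assigns a password to a shell in /etc/d_passwd.
  See the manual page for details.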

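  8.  Adding Shadow Support to a C program

  Adding shadow support to a C program is fairly straightforward. The
  one problem is that the program must be run by root (or SUID root) in
  order to access the /etc/shadow file.

  This presents one big problem: SUID programs must be written with very
  careful programming practices. For example, if a program has a shell
  escape and the program is SUID root, the escape must not give the user
  a root shell.

  If a program only needs to check passwords and otherwise has no need
  to run as root, it is much safer to give it access through the shadow
  group than to make it a SUID root program. The xlock program is an
  example of this.

  In the example below, pppd-1.2.1d already runs SUID root, so adding
  shadow support should not make the program any more vulnerable.
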
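  8.1.  Header files

  The header files are in /usr/include/shadow. There is also a
  /usr/include/shadow.h, but it is a symbolic link to
  /usr/include/shadow/shadow.h.

  To add shadow support to a program, include the header files:

       #include <shadow/shadow.h>
       #include <shadow/pwauth.h>

  It is a good idea to use compiler directives so that the shadow code
  is compiled conditionally (as in the example below).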

  8.2.  libshadow.a library

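  When the Shadow Suite is installed, the libshadow.a file is placed in
  /usr/lib.

  When compiling shadow support into a program, the linker must be told
  to link with libshadow.a.

  Like this:

       gcc program.c -o program -lshadow

  However, as the example below shows, most large programs use a
  Makefile, and usually have a LIBS=... variable that we will modify.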

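  8.3.  Shadow structure

  The libshadow.a library uses the spwd structure for the information it
  reads from the /etc/shadow file. The definition of the spwd structure
  is in the /usr/include/shadow/shadow.h file: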

  ______________________________________________________________________
  struct spwd
  {
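    char *sp_namp;                /* login name */
    char *sp_pwdp;                /* encrypted password */
    sptime sp_lstchg;             /* date of last change */
    sptime sp_min;                /* minimum number of days between changes */
    sptime sp_max;                /* maximum number of days between changes
                                     (password lifetime) */
    sptime sp_warn;               /* number of days of warning before the
                                     password expires */
    sptime sp_inact;              /* number of days after the password
                                     expires until the account is unusable */
    sptime sp_expire;             /* expiry date (days since 1/1/70) */
    unsigned long sp_flag;        /* reserved for future use */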
  };
  ______________________________________________________________________

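  The Shadow Suite can put other things into the sp_pwdp field along
  with the encoded passwd. The password field can look like this:

  username:Npge08pfz4wuk;@/sbin/extra:9479:0:10000::::

  This means that, in addition to the password, the program /sbin/extra
  is called for further authentication. The called program is passed the
  username and a switch that tells it why it is being called. For
  details, see /usr/include/shadow/pwauth.h and pwauth.c.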
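
  As an added example (not part of the Shadow Suite or of the original
  HOWTO), this C function parses a shadow line such as the one above by
  hand and separates the encoded password from the "@program" part.
  struct shadow_entry and parse_shadow_line() are hypothetical names;
  real programs should call getspnam().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative stand-in for struct spwd (hypothetical, not libshadow's type). */
struct shadow_entry {
    char name[32];
    char hash[64];    /* encoded password without the "@program" part */
    char helper[64];  /* secondary authentication program, "" if none */
    long days[6];     /* lstchg, min, max, warn, inact, expire; -1 = empty */
};

/* Parse one /etc/shadow line; returns 0 on success, -1 if malformed. */
int parse_shadow_line(const char *line, struct shadow_entry *e)
{
    char buf[256], *f[9], *p = buf, *end = buf;
    int n = 0;
    if (strlen(line) >= sizeof buf) return -1;
    strcpy(buf, line);
    buf[strcspn(buf, "\n")] = '\0';
    /* Split by hand: strtok() would merge the empty fields in "::::". */
    for (f[n++] = p; (p = strchr(p, ':')) != NULL; f[n++] = p) {
        if (n == 9) return -1;                 /* too many fields */
        *p++ = '\0';
    }
    if (n != 9 || !f[0][0] || strlen(f[0]) >= sizeof e->name) return -1;
    strcpy(e->name, f[0]);
    /* "hash;@program" (the page's sample) or "@program" (tested in auth.c) */
    const char *hash = f[1], *prog = "";
    if (f[1][0] == '@') { hash = ""; prog = f[1] + 1; }
    else if ((p = strstr(f[1], ";@")) != NULL) { *p = '\0'; prog = p + 2; }
    if (strlen(hash) >= sizeof e->hash || strlen(prog) >= sizeof e->helper) return -1;
    strcpy(e->hash, hash);
    strcpy(e->helper, prog);
    for (int i = 0; i < 6; i++) {              /* numeric aging fields */
        e->days[i] = f[i + 2][0] ? strtol(f[i + 2], &end, 10) : -1;
        if (f[i + 2][0] && (*end || e->days[i] < 0)) return -1;
    }
    return 0;
}

int main(void)
{
    struct shadow_entry e;  /* sample line from section 8.3 of the page */
    int rc = parse_shadow_line("username:Npge08pfz4wuk;@/sbin/extra:9479:0:10000::::", &e);
    if (rc == 0)
        printf("%s hash=%s helper=%s max=%ld\n", e.name, e.hash, e.helper, e.days[2]);
    return rc != 0;
}
```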

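  What this means is that we should use the pwauth function to perform
  the actual authentication, because it takes care of the secondary
  authentication as well.

  The author of the Shadow Suite says that, since most existing programs
  do not do this, it may be removed or changed in a future version of the
  Shadow Suite.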

  8.4.  Shadow functions

  The shadow.h file also contains the prototypes of the functions in the
  libshadow.a library:

  ______________________________________________________________________
  extern void setspent __P ((void));
  extern void endspent __P ((void));
  extern struct spwd *sgetspent __P ((__const char *__string));
  extern struct spwd *fgetspent __P ((FILE *__fp));
  extern struct spwd *getspent __P ((void));
  extern struct spwd *getspnam __P ((__const char *__name));
  extern int putspent __P ((__const struct spwd *__sp, FILE *__fp));
  ______________________________________________________________________

  The function used in the example is getspnam, which returns the spwd
  structure for the name it is given.

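  8.5.  Example

  This is an example of adding shadow support to a program that needs it
  but does not have it by default.

  The example uses the Point-to-Point Protocol Server (pppd-1.2.1d),
  which has a mode that performs PAP authentication with the user names
  and passwords in the /etc/passwd file instead of the PAP or CHAP
  files.

  This feature of pppd is probably not used very much. But once the
  Shadow Suite is installed it will not work at all, because the
  passwords are no longer in /etc/passwd.

  The code that authenticates users in pppd-1.2.1d is in the
  /usr/src/pppd-1.2.1d/pppd/auth.c file.

  The following code needs to be added at the top of the file, where the
  other #include directives are. We surround the #includes with
  conditional directives (that is, they are included only when compiling
  with shadow support).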

  ______________________________________________________________________
  #ifdef USE_SHADOW               /* set by -DUSE_SHADOW in the Makefile */
  #include <shadow.h>
  #include <shadow/pwauth.h>
  #endif
  ______________________________________________________________________

  Next we modify the actual code. We are still working on the auth.c
  file.

  auth.c before the change:

  ______________________________________________________________________
  /*
   * login - Check the user name and password against the system
   * password database, and login the user if OK.
   *
   * returns:
   *      UPAP_AUTHNAK: Login failed.
   *      UPAP_AUTHACK: Login succeeded.
   * In either case, msg points to an appropriate message.
   */
  static int
  login(user, passwd, msg, msglen)
      char *user;
      char *passwd;
      char **msg;
      int *msglen;
  {
      struct passwd *pw;
      char *epasswd;
      char *tty;

      if ((pw = getpwnam(user)) == NULL) {
          return (UPAP_AUTHNAK);
      }
       /*
       * XXX If no passwd, let them login without one.
       */
      if (pw->pw_passwd == '\0') {
          return (UPAP_AUTHACK);
      }

      epasswd = crypt(passwd, pw->pw_passwd);
      if (strcmp(epasswd, pw->pw_passwd)) {
          return (UPAP_AUTHNAK);
      }

      syslog(LOG_INFO, "user %s logged in", user);

      /*
       * Write a wtmp entry for this user.
       */
      tty = strrchr(devname, '/');
      if (tty == NULL)
          tty = devname;
      else
          tty++;
      logwtmp(tty, user, "");             /* Add wtmp login entry */
      logged_in = TRUE;

      return (UPAP_AUTHACK);
  }
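  ______________________________________________________________________

  The user's password is placed in pw->pw_passwd, so all we really need
  to do is add the getspnam function, which puts the password into
  spwd->sp_pwdp.

  We will also add the pwauth function to perform the actual
  authentication. It automatically performs the secondary authentication
  if the shadow file is set up for it.

  auth.c modified to support shadow: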

  ______________________________________________________________________
  /*
   * login - Check the user name and password against the system
   * password database, and login the user if OK.
   *
   * This function has been modified to support the Linux Shadow Password
   * Suite if USE_SHADOW is defined.
   *
   * returns:
   *      UPAP_AUTHNAK: Login failed.
   *      UPAP_AUTHACK: Login succeeded.
   * In either case, msg points to an appropriate message.
   */
  static int
  login(user, passwd, msg, msglen)
      char *user;
      char *passwd;
      char **msg;
      int *msglen;
  {
      struct passwd *pw;
      char *epasswd;
      char *tty;

  #ifdef USE_SHADOW
      struct spwd *spwd;
      struct spwd *getspnam();
  #endif

      if ((pw = getpwnam(user)) == NULL) {
          return (UPAP_AUTHNAK);
      }

  #ifdef USE_SHADOW
          /* Take the encoded password from /etc/shadow when an entry exists */
          spwd = getspnam(user);
          if (spwd)
                  pw->pw_passwd = spwd->sp_pwdp;
  #endif

       /*
       * XXX If no passwd, do NOT let them login without one.
       */
      if (pw->pw_passwd == NULL || *pw->pw_passwd == '\0') {
          return (UPAP_AUTHNAK);
      }
  #ifdef USE_SHADOW
      if ((pw->pw_passwd && pw->pw_passwd[0] == '@'
           && pw_auth (pw->pw_passwd+1, pw->pw_name, PW_LOGIN, NULL))
          || !valid (passwd, pw)) {
          return (UPAP_AUTHNAK);
      }
  #else
      epasswd = crypt(passwd, pw->pw_passwd);
      if (strcmp(epasswd, pw->pw_passwd)) {
          return (UPAP_AUTHNAK);
      }
  #endif

      syslog(LOG_INFO, "user %s logged in", user);

      /*
       * Write a wtmp entry for this user.
       */
      tty = strrchr(devname, '/');
      if (tty == NULL)
          tty = devname;
      else
          tty++;
      logwtmp(tty, user, "");             /* Add wtmp login entry */
      logged_in = TRUE;

      return (UPAP_AUTHACK);
  }
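  ______________________________________________________________________

  A careful look shows that we made one other change as well. If there
  was no password in the /etc/passwd file, the original version returned
  UPAP_AUTHACK and allowed access. This is not good, because a common use
  of this login feature is to let one account run the PPP process and
  then to check the user name and password supplied by PAP against the
  user name in /etc/passwd and the password in /etc/shadow.

  So if the original version had been set up to run as the shell of a
  user (for example, ppp), anyone could obtain a ppp connection by
  setting their PAP name to ppp and the password to null.

  We fixed this by returning UPAP_AUTHNAK instead of UPAP_AUTHACK when
  the password is empty.

  Interestingly, pppd-2.2.0 has the same problem.

  Next we modify the Makefile so that two things happen: USE_SHADOW must
  be defined, and libshadow.a must be linked in.

  In the Makefile, add:

       LIBS = -lshadow

  Then find the line:

       COMPILE_FLAGS = -I.. -D_linux_=1 -DGIDSET_TYPE=gid_t

  and change it to:

       COMPILE_FLAGS = -I.. -D_linux_=1 -DGIDSET_TYPE=gid_t -DUSE_SHADOW

  Now run make and install.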

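  9.  Frequently Asked Questions

  Q: I used to control which ttys root could log in on with the
  /etc/securettys file, but that no longer seems to work. What is wrong?

  A: The /etc/securettys file does nothing once the Shadow Suite is
  installed. The ttys that root may use are now set in the login
  configuration file /etc/login.defs. The entry in that file may point
  to another file.

  Q: I installed the Shadow Suite and now I cannot log in. What did I
  miss?

  A: You probably installed the Shadow programs but did not run pwconv,
  or you forgot to copy /etc/npasswd to /etc/passwd and /etc/nshadow to
  /etc/shadow. You may also need to copy login.defs to /etc.

  Q: The xlock section says to change the group owner of /etc/shadow to
  shadow. I do not have a shadow group. What should I do?

  A: You can add one. Just add a line for it to the /etc/group file. Give
  it a group number that no other group uses, and put it before the
  nogroup entry. Or you can make xlock SUID root.

  Q: Is there a mailing list for the Linux Shadow Password Suite?

  A: Yes, but it is for the development and beta testing of the next
  Linux Shadow Suite. Send mail to shadow-list-request@neptune.cin.net
  with a subject of subscribe to be added to the list. The list discusses
  the Linux shadow-YYMMSS series of releases. Join it if you want to take
  part in development, or if you run the Suite on your system and want to
  hear about newer releases.

  Q: I installed the Shadow Suite, but when I use the userdel command I
  get the message "userdel: cannot open shadow group file". What is
  wrong?

  A: You compiled the Shadow Suite with the SHADOWGRP option, but you
  have no /etc/gshadow file. Either edit config.h and recompile, or
  create that file. See the section on shadow groups.

  Q: I installed the Shadow Suite, but now encoded passwords are turning
  up in /etc/passwd again. What is wrong?

  A: Either you enabled the AUTOSHADOW option in the Shadow config.h
  file, or your libc was compiled with the SHADOW_COMPAT option. Find out
  which one it is and recompile.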

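  10.  Copyright Message

  The Linux Shadow Password HOWTO is Copyright (c) 1996 Michael H.
  Jackson.

  Permission is granted to make and distribute verbatim copies of this
  document provided the copyright notice and this permission notice are
  preserved on all copies.

  Permission is granted to copy and distribute modified versions of this
  document under the conditions for verbatim copies above, provided that
  a notice clearly stating that the document is a modified version is
  also included.

  Permission is granted to copy and distribute translations of this
  document into another language, under the conditions given above for
  modified versions.

  Permission is granted to convert this document into another medium
  under the conditions given above for modified versions, provided that
  the requirement to acknowledge the source document is met by including
  an obvious reference to it in the new medium.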

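  11.  Miscellaneous and Acknowledgments

  The code examples for auth.c are taken from pppd-1.2.1d and
  ppp-2.1.0e, Copyright (c) 1993 and The Australian National University
  Copyright (c) 1989 Carnegie Mellon University.

  Thanks to Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl> for
  writing and maintaining the Linux Shadow Suite, and for his review of
  and comments on this document.

  Thanks to Ron Tidd <rtidd@tscnet.com> for his kind review and testing.

  Thanks to everyone who has sent feedback to help improve this
  document.

  Please send me any comments or suggestions.

  Michael H. Jackson <mhjack@tscnet.com>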

      ̳  Ź帳ϴ.

   <tolkien@nownuri.nowcom.co.kr>

