Posted Mar 22, 2012 6:34 UTC (Thu) by eru
In reply to: Bizarre
Parent article: Shadow hardening
Please: scrap the file-based auth, and move to LDAP.
But if the network is down or LDAP otherwise hosed, how do you get access for fixing things? Files are also useful for situations where the system is never meant to be part of a wider authentication domain (eg. most home users and embedded systems).
But I agree that in most professional deployments you want to use network-based authentication, except for root and other special cases, so improving shadow password security in the ways described in the article does not seem terribly important.
to post comments)