Passwords in home?
Posted Mar 26, 2012 13:46 UTC (Mon) by anselm
In reply to: Passwords in home?
Parent article: Shadow hardening
Your setup might require authentication to actually get at the user's home directory in the first place, in which case you would have a chicken-and-egg problem if you needed to access the user's home directory in order to do the authentication.
Also, if you wanted to enforce restrictions on passwords (e.g., minimum length, aging, …) that would be difficult if a user's password was stored in a place that was under the user's control so they could mess with it in whatever way they desired. You could try to work around this by signing and/or encrypting the password file but that would not only make things a lot more complicated but would probably introduce another machine dependency (the keys to do the signing/encryption), at which point you'd be back where you started.
to post comments)