By the way, hardened-shadow is not just about splitting /etc/shadow into a directory tree and switching from SUID binaries to SGID ones. Utilities like login, su, passwd, useradd, groupadd are also re-implemented, and are smaller than their shadow-utils counterparts.
The above makes it possible to make those tools work more seamlessly with LDAP (if that makes sense), maybe addressing your point. Feedback and patches are welcome - feel free to post to MLs listed at http://code.google.com/p/hardened-shadow/ .
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds