$Id: README.linux,v 1.20 2000/08/26 18:27:09 marekm Exp $ This is the shadow suite hacked a bit for Linux. See CHANGES for short description of changes. See also WISHLIST if you have too much time on your hands :-). Now that copyright issues have been resolved, the most important thing is testing. Please test this code as much as you can, and report any problems. At this point, I made so many changes that any bugs are probably mine. This package uses GNU autoconf, so it should be quite portable - but it hasn't been tested much on anything but Linux/x86. Long time ago, it has been reported to work on SunOS 4.1.x, and recently there has been some success on Solaris 2.x and Irix. I'd like to compile a current list of platforms this package is known to work on - if you get it to work on some new OS (non-x86 Linux, or non-Linux), please let me know. Please specify: host type guessed by autoconf, libc version, distribution, changes you needed to make (if any), etc. Please see README.platforms for the current (incomplete - I know there are more...) list of platforms this package is known to work on. There is a developers mailing list. It has moved again, and is now hosted by SuSE - thanks to Thorsten Kukuk . Send the command "subscribe shadow" to majordomo@suse.com to subscribe if you are interested. To send mail to everyone on the list, send it to shadow@suse.com. Before reporting bugs, please check if they still exist in my latest development snapshot. Every few weeks I make a new version available at the following URLs: ftp://piast.t19.ds.pwr.wroc.pl/pub/linux/shadow/ ftp://ftp.ists.pwr.wroc.pl/pub/linux/shadow/ http://www.itnet.pl/amelektr/linux/shadow/ (there are also mirror sites, see README.mirrors). After installation, please remember to remove any old binaries like /bin/passwd (this version installs /usr/bin/passwd). If your passwd program doesn't like the new /etc/login.defs settings, and complains about "configuration error", this is most likely the problem. Current versions of the Linux C library (both libc 5.x and glibc 2.x) have the shadow support, including MD5-based crypt(), built in. Because of this, libshadow.a will build without these functions, and the ones from libc will be used instead. Currently, libshadow.a is for internal use only, so if you see -lshadow in a Makefile of some other package, it is safe to remove it. Remember that shadow passwords will not make your system more secure if your distribution has gaping holes which let any user become root. Some distributions, especially the older ones, are much like SunOS 4.1 without any security patches installed :-). Read the linux-security mailing list archives, and plug all holes before attempting to install the shadow suite. Very old versions of this package (shadow-3.3.x, shadow-mk) had a few nasty security holes, too. Please use the latest version if possible. Encrypted passwords are not readable, but it is highly recommended to use cracklib with a big dictionary to prevent users from choosing weak passwords. This way if someone ever gets access to /etc/shadow (for example, because of some not yet discovered bug), they will not get half of the passwords using Crack... There is a configure option to use cracklib, I haven't tested it myself but I'm told it works. The code feels like stabilizing now - while still BETA, it should work quite well. Many bugs have been fixed, but there may be still a few lurking. Again, please test it and report any problems. Thanks to Julianne Frances Haugh who wrote the thing in the first place, sent me the latest version, and released it under a "free" BSD-style license, so that it can be included in Linux distributions (at least Debian 1.3 and Slackware 3.2 are already doing that; Debian and Red Hat packaging standards are supported in the standard source tree). David Frey , Michael Meskes and Guy Maor have done a lot of work to integrate shadow passwords into Debian Linux. Ben Collins maintains this package for Debian and added complete PAM support, now available in Debian 2.2. Thanks to Bradley Glonka of Linux System Labs (http://www.lsl.com/) for sending me a free Red Hat 4.2 CD-ROM, making it possible to test this package on this distribution. Special thanks to Michael H. Jackson who wrote the Linux Shadow Password HOWTO. Special thanks to Greg Gallagher and Jon Lewis for maintaining the developers mailing list for a long time. Thanks to Maciej 'Tycoon' Majchrowski for ftp server space on piast.t19.ds.pwr.wroc.pl, and to Pawel Wiecek for keeping bach.ists.pwr.wroc.pl up and running. Ian Jackson criticized the current shadow password system (see the linux-security mailing list archives). We disagree on some points, but this started a discussion on possible better solutions. Theodore Ts'o has started a new project to implement Pluggable Authentication Modules - a relatively new standard API which makes it easier to add new authentication mechanisms (it's more than just shadow passwords). See http://parc.power.net/morgan/Linux-PAM/ for more information. (XXX - this URL has changed, I have to check where PAM is now... -MM) Thanks to at least the following people for sending me patches, bug reports and various comments. This list may be incomplete, I received a lot of mail... John Adelsberger Martin Bene Luca Berra Darcy Boese Judd Bourgeois Ulisses Alonso Camaro Ed Carp Rani Chouha Ben Collins Joshua Cowan Alan Curry Frank Denis Hrvoje Dogan Chris Evans Marc Ewing Janos Farkas Werner Fink Floody David Frey Brian R. Gaeke Cristian Gafton Anton Gluck Dave Hagewood Jonathan Hankins Juergen Heinzl Joey Hess Tim Hockin David A. Holland Andreas Jaeger Timo Karjalainen Calle Karlsson Sami Kerola Thorsten Kukuk Jon Lewis Pavel Machek Guy Maor Martin Mares Rafal Maszkowski Nikos Mavroyanopoulos Michael Meskes Arkadiusz Miskiewicz Greg Mortensen Mike Pakovic Steve M. Robbins Adam Rudnicki Algis Rudys Lutz Schwalowsky Jay Soffian Aniello Del Sorbo Juha Virtanen Michael Talbot-Wilson Jesse Thilo Shane Watts Alexander O. Yuriev Leonard N. Zubkoff If you want to be added here, or your e-mail address changes, please let me know. Thanks. -- Marek Michalkiewicz