Shadow Passwords

Shadow passwords remove the encrypted password from /etc/passwd and "hides" them in an encrypted location. A hacker can still find this information and download it (to decipher it on their machine); however, there is much more work involved. On newer Linux systems all you have to do to activate Shadow Passwording is to type as root (the super user):


cd /etc
/usr/sbin/pwconv
/usr/sbin/grpconv

That's should be enough. I believe (but I could be wrong) that the newer versions of these two commands handles everything for you. When I looked at the /etc/passwd file, the passwords had disappeared, but I could still login and not login without the correct password (i.e.,it seems to be working).

For more information (but dated 1996), see the Shadow Password HOWTO.