If something goes terribly wrong, it would be handy to have a boot disk. If you have a boot/root combination from your installation, that will work, otherwise see the Bootdisk-HOWTO, which describes how to make a bootable disk.
You should also move the manual pages that are about to be replaced. Even if you are brave enough install the Shadow Suite without making backups, you will still want to remove the old manual pages. The new manual pages won't normally overwrite the old ones because the old ones are probably compressed.
You can use a combination of:
man -aW command and
locate command to locate the manual pages that need to be (re)moved. It's generally easier to figure out which are the older pages before you run
If you are using the Slackware 3.0 distribution, then the manual pages you want to remove are:
There may also be man pages of the same name in the
/var/man/cat[1-9] subdirectories that should also be deleted.
You are now ready to type: (do this as root)
This will install the new and replacement programs and fix-up the file permissions. It will also install the man pages.
This also takes care of installing the Shadow Suite include files in the correct places in
Using the BETA package you must manually copy the file
login.defs to the
/etc subdirectory and make sure that only root can make changes to it.
cp login.defs /etc chmod 700 /etc/login.defs
This file is the configuration file for the login program. You should review and make changes to this file for your particular system. This is where you decide which tty's root can login from, and set other security policy settings (like password expiration defaults).
The next step is to run
pwconv. This must also be done as root, and is best done from the
cd /etc /usr/sbin/pwconv
pwconv takes your
/etc/passwd file and strips out the fields to create two files:
pwunconv program is also provided if you need to make a normal
/etc/passwd file out of an
Now that you have run
pwconv you have created the files
/etc/nshadow. These need to be copied over to
/etc/shadow. We also want to make a backup copy of the original
/etc/passwd file, and make sure only root can read it. We'll put the backup in root's home directory:
cd /etc cp passwd ~passwd chmod 600 ~passwd mv npasswd passwd mv nshadow shadow
You should also ensure that the file ownerships and permissions are correct. If you are going to be using X-Windows, the
xdm programs need to be able to read the
shadow file (but not write it).
There are two ways that this can be done. You can set
xlock to suid root (
xdm is usually run as root anyway). Or you can make the
shadow file owned by
root with a group of
shadow, but before you do this, make sure that you have a shadow group (look in
/etc/group). None of the users on the system should actually be in the shadow group.
chown root.root passwd chown root.shadow shadow chmod 0644 passwd chmod 0640 shadow
Your system now has the password file shadowed. You should now pop over to another virtual terminal and verify that you can login.
Really, do this now!
If you can't, then something is wrong! To get back to a non-shadowed state, do the following the following:
cd /etc cp ~passwd passwd chmod 644 passwd
You would then restore the files that you saved earlier to their proper locations.