Shadow passwords are a means of keeping your encrypted password
information secret from normal users. Normally, this encrypted passwords
are stored in /etc/passwd
file for all to read. Anyone can then run
password guesser programs on them and attempt to determine what they are.
Shadow passwords, by contrast, are saved in /etc/shadow
, which
only privileged users can read. In order to use shadow passwords, you
need to make sure all your utilities that need access to password
information are recompiled to support them. PAM (above) also allows you
to just plug in a shadow module; it doesn't require re-compilation of
executables. You can refer to the Shadow-Password HOWTO for further
information if necessary. It is available at http://metalab.unc.edu/LDP/HOWTO/Shadow-Password-HOWTO.html
It is rather dated now, and will not be required for distributions
supporting PAM.