 | | In SVR4, as in some other vendor's versions, the shadow password file also stores information for implementing password aging. The idea is to force each user to change his or her password periodically (say, every three months) so that even if an attacker gains access to the shadow password file, the knowledge will not be useful forever. Password aging has its pros and cons, and it is not our purpose to debate them here. Suffice it to say that, at least in SVR4, the use of password aging is optional. | |
|