Complaint about Debian Small


Why does the Debian small distribution not use shadow/md5 by defualt ?


Sunny Dubey

PS: The only reason I can think of not using such is because of NIS (as per debconf warning), however NIS is old and garbage, and anyone thinking about running NIS should really look into nssldap and pamldap (which work on solaris too).

6 Replies

Responding to my own post …

One can enable shadow via shadowconfig, and can change from crypt() to MD5 via dpkg-reconfigure passwd

I shall know tomorrow how safe this is on a live running system, heh.

Sunny Dubey


There are no reasons why you should run into any problems, as long as you are not using NIS, which for a VPS should not be a problem.

You can unable md5 and shadow at the same time using

dpkg-reconfigure passwd

Although it does not tell you if they are turned on or not and I can not remember how to find out if they are already turned on.



Although it does not tell you if they are turned on or not and I can not remember how to find out if they are already turned on.

debconf-show passwd

My approach is quite simple: The first thing I do every time after installing Debian stable is to tweak /etc/sources.list to switch to unstable, and then do a reckless "apt-get dist-upgrade". During the upgrade somewhere, the passwd package would have needed reconfiguration anyway and I would've switched on MD5 and shadow.

So why do you upgrade your distro to the unstable version?


Well, for one thing, I love living dangerously. :shock:

Actually, it's mainly because unstable has PHP 4.3.x (4.3.2+rc3-6 right now), which brings a small collection of niceties like filegetcontents().

"unstable" is more stable than the name suggests, apart from occasional crashes of mozilla, various X and gnome components, etc. which I don't use anyway. Spectacular b0rkage of ssh and pam did happen a few months ago… but I take special care to upgrade such key packages, i.e. mark the package as "on hold" in dselect, monitor for about a week before taking the plunge.

I tend to install most things by hand, as the debain packages do tend to be out of date most of the time.

The only time I usually use apt-get of for small things and things that I really can not be bothered to install from source.



Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct