     This is the first release of the shadow password  pack-
age;  it  will be a standard part of the next 4BSD distribu-
tion.  The files included are in the file ``LIST''.

     In the current BSD system,  there  are  three  password
files:  /etc/passwd,  /etc/passwd.pag,  and /etc/passwd.dir.
The first is the password file as  described  in  passwd(5);
the  others  are  files  containing  an ndbm(3) style hashed
database version of /etc/passwd.

     In the new  system,  there  are  four  password  files:
/etc/passwd,    /etc/master.passwd,   /etc/passwd.pag,   and
/etc/passwd.dir.  The first is exactly as it has always been
with  the  exception  that  the encrypted password field has
been replaced with a single asterisk.  The next three  files
have  much  the  same  relationship  as  the original model;
master.passwd is the new password file, and  passwd.pag  and
passwd.dir  comprise  the  ndbm version.  The one difference
between the contents of master.passwd and  the  contents  of
its  ndbm files is that only master.passwd has the encrypted
form of the password.  The ndbm  files  have,  instead,  its
offset  in  master.passwd.  Note, the file /etc/passwd is no
longer used for anything, it is simply  left  in  place  for
backward compatibility with shell scripts.

     The model we are  using  assumes  that  standard,  non-
privileged  programs  do  not  need to look at the encrypted
form of  the  password.   Therefore,  we  have  altered  the
getpwent(3) routines to read the standard data from the ndbm
files, and only attempt to read  and  return  the  encrypted
password  if  the  process  is running as super-user.  Obvi-
ously, master.passwd is read/writable only by the super-user
and  and  the ndbm files are readable by anyone and writable
only by the super-user.

     We also added three new fields to the password file;  a
``change''  field,  for password aging, an ``expire'' field,
for account expiration, and a ``class'' field for everything
else.   The  first two are implemented in login(1), and are,
respectively,  the  date  by  which  the  password  must  be
changed,  and  the date when the account expires.  The third
will be part of the next  4BSD  release,  but  is  currently
unimplemented.   It will be a ``pointer'' to a termcap style
database that may be used to store  site-dependent  informa-
tion  about a user, from when the user may be allowed to log
into the system, to how often the user is required to change
their password.

     The include file, pwd.h, has changed  in  fairly  major
ways.   We've  deleted  the two unused fields, ``pw_quota'',
and ``pw_comment'', and replaced them with ``pw_change'' and
``pw_class'',    respectively.    The   other   new   field,
``pw_expire'', has been added at the end of the structure.

     The only known problem with the current  implementation
of  password aging is that there is no ``reset'' -- when the
user changes his or her password it  essentially  shuts  off
password  aging  for  that  user.   To  reenable  aging,  an
administrator will have to use vipw(8) or chpass(1) to  pro-
vide  a new password timeout.  We expect to remedy this with
the new ``class'' database, where one of the provided fields
will  be  a value specifying how often the password needs to
be updated.  Once this is in place,  passwd(1)  will  simply
reset  the password timeout value each time the user changes
their password.

     Two programs have been deleted by this package, chfn(1)
and  chsh(1).  They are replaced by the much more comprehen-
sive program chpass(1).  The other programs affected by this
package behave much like they have always behaved.

     It should be noted that this package is binarily compa-
tible  with  4.3BSD and 4.3BSD-tahoe programs, although they
may run faster  if  they  are  recompiled  and  reinstalled.
Note,  programs  that  actually  use the encrypted passwords
will not run correctly without being recompiled.

     In earlier versions of the password system, ndbm  files
were  updated  in  place.  Because of the interdependence of
the ndbm files and the master password file, the ndbm  files
must  be rebuilt each time the master file is changed.  This
may be slow on many machines with  large  user  bases.   The
current  implementation builds the ndbm databases first, and
then atomically moves them into place.  We don't expect  the
extended  build time to be a serious problem as only updates
are locked  out  while  the  databases  are  being  created;
accesses proceed normally.

     This package includes Makefiles for all programs.  They
assume  that  your make program knows how to generate manual
pages automatically; if your make program does not know  how
to  do  this,  remove  the  ``${MAN}''  dependency  from the
install line in the Makefiles and generate the  manual  page
by  hand  using ``nroff -h -man''.  Also, unless you're run-
ning the 4.3BSD-tahoe release and/or you  have  the  program
mkdep(1), ``make depend'' won't work.
