Administration Password

The Administrator for your system provides several options to improve the system's security. In general, improving security means controlling and limiting access to the system by other users, including local users or users on remote systems on the network.

The "Improve System Security" guide lets you make the following settings:

  • Assign a password to the root account, if it doesn't already have one.

    The most important method for improving security is creating a password for the root account. If the root account does not have a password, any person can log in to the root account and deliberately or inadvertently destroy files or directories that are essential for the system to operate.

  • Password administration for each active user account on the system or lock unused accounts to prevent unauthorized people from logging in.

    For active user accounts (accounts that are not locked and do not have a password), you can either ask each user for a preferred password or simply assign a password, which can be changed by the user later using the "Modify My Account Password" guide (available in the User Manager). For user accounts that are not currently being used, you can lock them to prevent unauthorized people from trying to use the accounts to log in to the system.

  • Use shadow passwords.

    When you create passwords for user accounts on the system, the system encrypts the passwords and places them in a special file. Any user on the system can view the file and see the encrypted passwords. This gives a user the opportunity to possibly decipher the passwords, thereby gaining unauthorized access to another user's account. To prevent any user but root from viewing the password file, you can have the system use a shadow password file. (A shadow password file contains encrypted passwords.)

  • Require passwords at login.

    By requiring passwords, you can ensure that unauthorized people can't gain access to the system using an open user account. An open user account is an account that is neither locked nor has a password assigned to it. (As a rule, it's a good idea to either lock an account or assign a password to it.)