> master.passwd and passwd work like this:
> 
> master.passwd stores all the username information and their (encrypted)
> 	      password. It is only accessible by root and is only used for
> 	      adding and administrating users.
> 
> passwd is produced from master.passwd by the 'pwd_mkdb' program which at the
>        same time adds information to the password database (/etc/spwd.db).
> 
> The point of all this is that
> 
> a) programs that want to can get information about users from /etc/passwd
> (e.g. for finger, e-mail etc) and these programs *don't* need to be run as
> root - this makies the system more secure.
> 
> b) a limited\ and smaller number of programs are alowed to read your password
> from /etc/spwd.db, e.g. login, passwd itself, etc..

More or less correct.  The only slightly incorrect thing is that programs
under a) aren't expected to access /etc/passwd, but /etc/pwd.db (which is
generated by pwd_mkdb just like /etc/spwd.db).  These /etc/pwd.db and
/etc/spwd.db files are hashed versions of /etc/passwd and /etc/master.passwd
resp.  These are used for faster access, albeit this will only be noticable
on really large user databases.

Hope it helps.

Ciao,
Wolfgang
--
ws@TooLs.DE     (Wolfgang Solfrank, TooLs GmbH) 	+49-228-985800