Subject: Re: passwd encryption algorithm change possible?
To: David Woyciesjes <DAW@yalepress3.unipress.yale.edu>
From: Andrew Brown <atatat@atatdot.net>
List: tech-net
Date: 01/23/2001 13:17:54
>	Actually, I may be wrong. I recall now that I heard about it in a
>book on Linux... not NetBSD per se. Whether or not it's in NetBSD, I'm not
>sure now...
>	Anyway, what it does basically is take the password out of the
>normal password file, and stick it in a shadow file, which IIRC is
>accessible only by root ( or SU, I suppose). Keep in mind, I'm not positive
>on the details ( don't have the book here with me)

shadowed passwords are an option on linux, but have always been in
netbsd.

the master.passwd file contains an "encrypted"[1] copy of a user's
password and is readable only by root.  the getpw*() routines in libc
don't look at the master.passwd file (or the /etc/passwd file, which
is just there for people to read), but in the databases /etc/pwd.db
and /etc/spwd.db (which is also readable only by root).  the
"encrypted" password is only copied into the spwd.db file.

[1] it's not actually encrypted, per se, so if you want to be pedantic
about it, what it actually does is pretend the user's password is a 56
des key and uses it to encrypt 64 bits of zeroes, but with 25 rounds
instead of 16, and with a salt to further "obscure" the output
(thereby making a dictionary attack more difficult).

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."
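The footnote's description of crypt(3) (the password becomes a 56-bit DES key, the 64-bit zero block is encrypted 25 times, and the salt perturbs the output) can be checked against a standard DES implementation. The Go program below is an added example, not code from the post or from NetBSD's libc. It assumes the salt ".." (salt value zero), for which the salt's perturbation of the DES expansion box is a no-op and the computation reduces to plain DES from crypto/des; it does not reproduce the salt-modified DES needed for any other salt. The example makes visible two properties of this format that matter when assessing an old password database: only the first eight characters of the password reach the key, and the stored field is the result of a one-way computation with a 56-bit key, not something that can be decrypted.

```go
package main

import (
	"crypto/des"
	"fmt"
)

// cryptAlphabet is the alphabet crypt(3) uses to print each 6-bit group.
const cryptAlphabet = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

// desKeyFromPassword builds the 56-bit DES key the way traditional crypt(3)
// does: only the first eight characters are used, and each is shifted left by
// one bit so its 7 significant bits land where the DES key schedule reads them
// (the low bit of every key byte is the parity bit DES discards).
func desKeyFromPassword(password string) []byte {
	key := make([]byte, 8)
	for i := 0; i < 8 && i < len(password); i++ {
		key[i] = password[i] << 1
	}
	return key
}

// encodeCryptBlock renders 64 bits as 11 characters of the crypt alphabet,
// most significant bits first; the last group carries 4 data bits and 2 zero bits.
func encodeCryptBlock(block []byte) string {
	var acc uint64
	for _, b := range block {
		acc = acc<<8 | uint64(b)
	}
	out := make([]byte, 11)
	for i := range out {
		out[i] = cryptAlphabet[(acc>>58)&0x3f]
		acc <<= 6
	}
	return string(out)
}

// cryptZeroSalt computes traditional DES crypt(3) for the salt ".." (salt value
// zero).  With that salt the expansion-box perturbation does nothing, so the
// scheme is exactly 25 standard DES encryptions of the all-zero block under the
// password-derived key.  Assumption of this added example: other salts are not
// handled, since they require the salt-modified DES that crypto/des does not offer.
func cryptZeroSalt(password string) (string, error) {
	blockCipher, err := des.NewCipher(desKeyFromPassword(password))
	if err != nil {
		return "", err
	}
	buf := make([]byte, 8) // the 64 bits of zeroes the post mentions
	for i := 0; i < 25; i++ {
		blockCipher.Encrypt(buf, buf) // in-place encryption of the same block
	}
	return ".." + encodeCryptBlock(buf), nil
}

// hashesMatch reports whether two passwords produce the same stored field,
// which is the comparison a login check would make; it exposes the 8-character limit.
func hashesMatch(a, b string) bool {
	ha, errA := cryptZeroSalt(a)
	hb, errB := cryptZeroSalt(b)
	return errA == nil && errB == nil && ha == hb
}

func main() {
	// Constructed sample passwords; "correct horse" and "correct horse battery"
	// share their first eight characters and therefore the same DES key.
	for _, pw := range []string{"hunter2", "hunter3", "correct horse", "correct horse battery"} {
		h, err := cryptZeroSalt(pw)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-24q -> %s\n", pw, h)
	}
	fmt.Println("truncation collision:", hashesMatch("correct horse", "correct horse battery"))
}
```

Running it prints a 13-character field per password (two salt characters followed by 11 hash characters) and reports that the two "correct horse" variants collide. In the real algorithm the 12 salt bits swap entries of the expansion box, so a table of results computed for one salt says nothing about passwords stored under another; that is the "dictionary attack more difficult" effect the footnote describes, and it is the part this zero-salt example leaves out.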