In multiuser environments it is very important to use shadow passwords (provided by the shadow-utils package). Doing so enhances the security of system authentication files. For this reason, the installation program enables shadow passwords by default.
The following is a list of advantages shadow passwords have over the traditional way of storing passwords on UNIX-based systems.
Improves system security by moving encrypted password hashes from the world-readable /etc/passwd file to /etc/shadow, which is readable only by the root user.
Stores information about password aging.
Allows the use the /etc/login.defs file to enforce security policies.
Most utilities provided by the shadow-utils package work properly whether or not shadow passwords are enabled. However, since password aging information is stored exclusively in the /etc/shadow file, any commands which create or modify password aging information do not work.
Below is a list of commands which do not work without first enabling shadow passwords:
chage
gpasswd
/usr/sbin/usermod -e or -f options
/usr/sbin/useradd -e or -f options