Admin user password duplicates stored with two way encryption?


#1

Both me and a friend have dreamhost, in fact he tipped me to this great hosting solution.

However, I’m worried now because he just recently requested a new password for the panel and the old one was sent to him in clear text.

This means that it was stored with two way encryption, or no encryption at all.

I like dreamhost but I want to be guaranteed that the SSH admin users I create through the panel do NOT store their passwords in clear text, or two way encryption anywhere. That they only store their passwords on the Linux VPS in the shadow file.


#2

You can avoid having your password stored in a recoverable format by changing it with the passwd utility in the shell: http://wiki.dreamhost.com/Passwords