Why doesn’t XenServer enable shadow passwords or authconfig.  What year is this  1996 ? My guess is so that it can readd the hashed root without privs for things like xencenter to be able to edit the passwd via xapi. Tho i don’t see any password manipulation api hooks.  I am really curious why this isnt set.

I have been manually (well chef does it)  setting the dom0 passwords to shadow by detecting if its a xenserver and running pwconv. There hasn’t been any repercussions in the last 3 years.

Untill now.

Now moving up to xen6 in my test pool im running into all sortsa auth isues requireing me to single user my upgraded Hosts and pwconv and passwd them. Blargh.