V-38499: The /etc/passwd file must not contain password hashes.
---------------------------------------------------------------

The hashes for all user account passwords should be stored in the file
"/etc/shadow" and never in "/etc/passwd", which is readable by all users.

Details: `V-38499 in STIG Viewer`_.

.. _V-38499 in STIG Viewer: https://www.stigviewer.com/stig/red_hat_enterprise_linux_6/2015-05-26/finding/V-38499

Notes for deployers
~~~~~~~~~~~~~~~~~~~

.. include:: developer-notes/V-38499.rst