This is something I've been thinking of for a while. Right now the crate allows users to authenticate themselves, which is a serious no-no. My main thoughts on implementation would be to completely remove the hash field in
/etc/passwd and add
/etc/shadow with semi-colon delimited key-value pairs (username to hash), like this:
In API-land, this would probably only require adding a parameter to
AllUsers::new(), a boolean to see if the called wants to be able to authenticate or not. AllUsers can then initialize and read files accordingly.
I'll work on this when I have the time.