I have had the pleasure(?) of running a large linux network, I don't think it was ever really the case that shells were a viable access control mechanisms on their own.
Firstly it only really worked if you were all sharing the same machine with remote terminals, which most people don't do anymore. Second NFS happened when if you configured it badly you could just pretend you were any user you liked.
I'm assuming this is part of the reason why kerberos was invented. Basically the only practical way to tie down a network of machines was to make sure that authentication was done with LDAP and Kerberos. LDAP did the name, UID/GID and user metadata and kerberos the authentication. You could then use that ticket to gain access to other things (yes, even over HTTP, NFS or SSH)
Nowadays you'd use active directory, which is LDAP+Kerberos, but with a nice expensive gui.
/etc/passwd(or shadow) died _years_ ago, It was dodgy even in the 90s, let alone now. Its fine for single user machines, but not networked.
Firstly it only really worked if you were all sharing the same machine with remote terminals, which most people don't do anymore. Second NFS happened when if you configured it badly you could just pretend you were any user you liked.
I'm assuming this is part of the reason why kerberos was invented. Basically the only practical way to tie down a network of machines was to make sure that authentication was done with LDAP and Kerberos. LDAP did the name, UID/GID and user metadata and kerberos the authentication. You could then use that ticket to gain access to other things (yes, even over HTTP, NFS or SSH)
Nowadays you'd use active directory, which is LDAP+Kerberos, but with a nice expensive gui.
/etc/passwd(or shadow) died _years_ ago, It was dodgy even in the 90s, let alone now. Its fine for single user machines, but not networked.