Security Model

From Elektra Initiative

Elektra lets system administrators control security in a much more fine-grained way. With the current text-file paradigm it is impossible to control permissions and access times on each individual atom of /etc/passwd or /etc/shadow. Elektra lets you do that because each information atom stored in it (a key) has a unique name (the key name) and its own access rights. See Hans Reiser's (creator of ReiserFS) comments about it.

To show the security model in action, this screen shows the kdb command listing the keys, and their attributes, related to the user nobody.

  bash$ kdb ls -Rlv system/users/nobody
  -rw-r--r--   root  root    17 Mar 31 09:07 system/users/nobody/uid=99
  -rw-r--r--   root  root    17 Mar 31 09:07 system/users/nobody/gid=99
  -rw-r--r--   root  root    21 Mar 31 09:07 system/users/nobody/gecos=Nobody
  -rw-r--r--   root  root    16 Mar 31 09:07 system/users/nobody/home=/
  -rw-r--r--   root  root    28 Mar 31 09:07 system/users/nobody/shell=/sbin/nologin
  -rw-------   root  root    16 Mar 31 09:07 system/users/nobody/password
  -rw-------   root  root    16 Mar 31 09:07 system/users/nobody/passwdChangeBefore
  -rw-------   root  root    20 Mar 31 09:07 system/users/nobody/passwdChangeAfter
  -rw-------   root  root    16 Mar 31 09:07 system/users/nobody/passwdWarnBefore
  -rw-------   root  root    15 Mar 31 09:07 system/users/nobody/passwdDisableAfter
  -rw-------   root  root    15 Mar 31 09:07 system/users/nobody/passwdDisabledSince
  -rw-------   root  root    15 Mar 31 09:07 system/users/nobody/passwdReserved
We ran the kdb command without super-user credentials, asking for a long (-l), recursive (-R) listing that also shows each key's value (-v). But since we are a regular user, we don't have permission to see the values of the system/users/nobody/password and passwd* keys.
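To make the permission check behind that listing concrete, here is an added example (not Elektra project code) that parses output in the `kdb ls -Rlv` format shown above, applies the owner/group/other read bits to a given user, and flags secret-looking keys that are world-readable. The listing it uses is constructed from the output above plus one deliberately misconfigured key under a hypothetical user `alice`; it assumes Elektra's per-key access check follows ordinary Unix mode-bit semantics.

```python
"""Audit per-key permissions from `kdb ls -Rlv` style output.

Added example, not part of Elektra. Assumes the listing format shown on the
page: mode, owner, group, size, a three-field date, then key[=value].
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Constructed sample input. The alice/password line is a deliberately
# misconfigured key (world-readable secret) added so the audit has something
# to flag; it is not from the page.
SAMPLE_LISTING = """\
-rw-r--r--   root  root    17 Mar 31 09:07 system/users/nobody/uid=99
-rw-r--r--   root  root    17 Mar 31 09:07 system/users/nobody/gid=99
-rw-r--r--   root  root    21 Mar 31 09:07 system/users/nobody/gecos=Nobody
-rw-r--r--   root  root    28 Mar 31 09:07 system/users/nobody/shell=/sbin/nologin
-rw-------   root  root    16 Mar 31 09:07 system/users/nobody/password
-rw-------   root  root    16 Mar 31 09:07 system/users/nobody/passwdChangeBefore
-rw-r--r--   root  root    16 Mar 31 09:07 system/users/alice/password=x
"""

LINE_RE = re.compile(
    r"^(?P<mode>[-dlrwxsStT]{10})\s+(?P<owner>\S+)\s+(?P<group>\S+)\s+"
    r"(?P<size>\d+)\s+(?P<date>\S+\s+\S+\s+\S+)\s+(?P<rest>.+)$"
)

# Key names that hold credential material in the users-convert layout.
SENSITIVE_RE = re.compile(r"/(password|passwd\w*)$")


@dataclass
class KeyEntry:
    mode: str              # e.g. "-rw-r--r--"
    owner: str
    group: str
    name: str
    value: Optional[str]   # None when the listing showed no value

    @property
    def perm_bits(self) -> int:
        """Convert the nine permission characters to a numeric mode (0o644 etc.)."""
        bits = 0
        for ch in self.mode[1:]:
            bits = (bits << 1) | (0 if ch in "-ST" else 1)
        return bits


def parse_listing(text: str) -> List[KeyEntry]:
    """Parse `kdb ls -Rlv` lines; the value is whatever follows the first '='."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised listing line: {line!r}")
        name, sep, value = m.group("rest").partition("=")
        entries.append(KeyEntry(m.group("mode"), m.group("owner"),
                                m.group("group"), name, value if sep else None))
    return entries


def can_read(entry: KeyEntry, user: str, groups: Iterable[str]) -> bool:
    """Owner/group/other read check on the key's mode bits.

    Mirrors ordinary Unix discretionary access control; no superuser bypass is
    modelled, so root is judged like any other owner (assumption, see lead-in).
    """
    bits = entry.perm_bits
    if user == entry.owner:
        return bool(bits & 0o400)
    if entry.group in set(groups):
        return bool(bits & 0o040)
    return bool(bits & 0o004)


def visible_values(entries: List[KeyEntry], user: str,
                   groups: Iterable[str]) -> Dict[str, Optional[str]]:
    """Key name -> value as the listing would show it to `user`:
    the value for readable keys, None where the value must stay hidden."""
    return {e.name: (e.value if can_read(e, user, groups) else None)
            for e in entries}


def world_readable_secrets(entries: List[KeyEntry]) -> List[str]:
    """Audit: secret-looking keys whose 'other' read bit is set."""
    return sorted(e.name for e in entries
                  if SENSITIVE_RE.search(e.name) and e.perm_bits & 0o004)


if __name__ == "__main__":
    keys = parse_listing(SAMPLE_LISTING)
    for name, value in visible_values(keys, "nobody", ["nobody"]).items():
        print(f"{name}={value}" if value is not None else name)
    print("world-readable secrets:", world_readable_secrets(keys))
```

Run as a script, the first loop reproduces what an unprivileged user sees (values for uid, gid, gecos and shell; bare names for password and passwdChangeBefore), and the audit line reports only the constructed alice/password key, because its mode is 0644 while the real password keys are 0600.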

The user database files were elektrified into key-value pairs using the users-convert script included with the distribution.
