[Lias] migrating users and their passwords
Leon Brooks
leon at cyberknights.com.au
Sun Dec 1 13:17:01 UTC 2002
On Sunday 01 December 2002 06:31 am, Jonathon Coombes wrote:
>> If RH7 uses the same password format, and adjeweb's software uses the
>> system passwords and mailboxes, just copy them (user by user) from
^^^^^^^^^^^^
>> /etc/shadow on the old system to the same file on the new, and their mail
>> from/to /var/spool/mail/$USERNAME
> Something to be careful of here, is if users already exist on the
> new system. Copying the shadow file may be fine, but with directories
> and files such as $HOME and the mailboxes, the uid's may get mixed up.
It's important to note that (1) I didn't avocate copying the file en bloc, but
`user by user' (see row of carets mid-quote); and (2) shadow is keyed on
username not UID.
> Another very useful command for changing passwords is the 'chpasswd'
> command. This is designed to change the user passwords as a batch job.
> Ideal for schools where you have to update hundreds of accounts.
It's even ideal for updating a score of accounts (shadow.old being /etc/shadow
from the old machine):
gawk -F: <shadow.old '{ print $1":"$2 }' | chpasswd -e
If you're upgrading from a machine which uses an older encryption method,
throw John the Ripper at the task (on the new machine, well a head of time)
and when it completes (or completes enough, it might take weeks if the
passwords are well chosen and/or the machine lacks horsepower), do this:
john -show shadow.old | gawk -F: '{ print $1":"$2 }' | chpasswd
(Note the absence of -e of chpasswd: this optional intentionally left blank).
John will also do Windows passwords if you're migrating authentication from
Borgware.
Cheers; Leon
--
http://www.cyberknights.com.au/ Modern tools, traditional dedication
http://slpwa.linux.org.au/ Member, Linux Professionals West Aus
http://conf.linux.org.au/ THE Australian Linux Technical Conf:
22-25 January 2003, Perth: be there!
More information about the lias
mailing list