Re: Converting Users from Solaris to (Debian-)Linux
Hi All ... thnx for all your advices. All went fine Many thnx, you saved me much time! Regards Jan On Fri, Aug 30, 2002 at 01:06:22PM +0200, Jan-Hendrik Palic wrote: Hi all .. I have a small problem, I am working on migrating an apache virtual web server with 80-120 virtual servers from a solaris to a linux mashine. I played around with /etc/passwd or /etc/shadow but I saw, that seems not to be easy to get it work. What I want ist, that the users have the same account with the same password on the linux maschine and solaris. Does anyone have a hint to do it? regards Jan -- .''`.Jan-Hendrik Palic | : :' : ** Debian GNU/ Linux ** | ** OpenOffice.org ** ,.. ,.. `. `' http://www.debian.org | http://www.openoffice.org ,: ..` ` `- [EMAIL PROTECTED] | ' ` ` -- .''`.Jan-Hendrik Palic | : :' : ** Debian GNU/ Linux ** | ** OpenOffice.org ** ,.. ,.. `. `' http://www.debian.org | http://www.openoffice.org ,: ..` ` `- [EMAIL PROTECTED] | ' ` `
Re: Converting Users from Solaris to (Debian-)Linux
Steve == Steve Mickeler [EMAIL PROTECTED] writes: Steve Thats because linux is using MD5 and solaris is only using crypt. Also, note that even using crypt under Linux, the hashes could be different. The first two characters are a salt, which is added to the password when it gets hashed. This is done to make dictionary attacks a bit harder (i.e. you can't just generate a list of words + their hashes). -- Hubert Chan [EMAIL PROTECTED] - http://www.uhoreg.ca/ PGP/GnuPG key: 1024D/124B61FA Fingerprint: 96C5 012F 5F74 A5F7 1FF7 5291 AF29 C719 124B 61FA Key available at wwwkeys.pgp.net. Encrypted e-mail preferred. pgp3FuDkpteQ9.pgp Description: PGP signature
Re: Converting Users from Solaris to (Debian-)Linux
On Fri, Aug 30, 2002 at 06:16:09PM +0200, Jan-Hendrik Palic wrote: Your solaris hashes arent MD5. is it not possible to upgrade to MD5 on Solaris? Whether or not it is possible, it's not a good solution to the original problem (migrating users from Solaris to Debian). Remember, we want the users to have the exact same password that they've already set. We can't decrypt the crypt() hash and retrieve the cleartext password so that we can automatically convert it to an MD5 hash. Now, if one system or the other *did* support MD5, I'd think any existing crypt() passwords would be converted to MD5 as soon as the user changed their password. But that's not the current problem: if they were willing to change their passwords as part of the migration, why worry about the format of the password files at all? -- Mike Renfro / RD Engineer, Center for Manufacturing Research, 931 372-3601 / Tennessee Technological University -- [EMAIL PROTECTED]
Converting Users from Solaris to (Debian-)Linux
Hi all .. I have a small problem, I am working on migrating an apache virtual web server with 80-120 virtual servers from a solaris to a linux mashine. I played around with /etc/passwd or /etc/shadow but I saw, that seems not to be easy to get it work. What I want ist, that the users have the same account with the same password on the linux maschine and solaris. Does anyone have a hint to do it? regards Jan -- .''`.Jan-Hendrik Palic | : :' : ** Debian GNU/ Linux ** | ** OpenOffice.org ** ,.. ,.. `. `' http://www.debian.org | http://www.openoffice.org ,: ..` ` `- [EMAIL PROTECTED] | ' ` ` pgpoFBajYeuSd.pgp Description: PGP signature
Re: Converting Users from Solaris to (Debian-)Linux
On Fri, Aug 30, 2002 at 01:06:22PM +0200, Jan-Hendrik Palic wrote: I have a small problem, I am working on migrating an apache virtual web server with 80-120 virtual servers from a solaris to a linux mashine. I played around with /etc/passwd or /etc/shadow but I saw, that seems not to be easy to get it work. The important parts of both files should be the same, assuming you used the same crypt mechanism on each (i.e., no MD5 hashes in /etc/shadow) Solaris 7 /etc/passwd: username:x:uid:gid:name:homedir:shell Solaris 7 /etc/shadow: username:passwordhash:number:: GNU/Linux (woody) /etc/passwd: username:x:uid:gid:name:homedir:shell GNU/Linux (woody) /etc/shadow: username:passwordhash:number:number:number:number::: The meaning of each number in the shadow file is documented in each system's manpage for shadow. What I want ist, that the users have the same account with the same password on the linux maschine and solaris. Put the hashes from the Solaris shadow into the Debian shadow, and they'll have the same password. -- Mike Renfro / RD Engineer, Center for Manufacturing Research, 931 372-3601 / Tennessee Technological University -- [EMAIL PROTECTED]
Re: Converting Users from Solaris to (Debian-)Linux
The shadow file format between linux and solaris are different, but as long as you have the crypt() portion from the solaris shadow file, you can put it in the linux shadow file. example linux /etc/shadow entry: joeuser:YxlYT1esV4yz2:11474:0:9:7::: example solaris /etc/shadow entry: joeuser:YxlYT1esV4yz2:11513:: The /etc/passwd entries will look the same. On Fri, 30 Aug 2002, Jan-Hendrik Palic wrote: Hi all .. I have a small problem, I am working on migrating an apache virtual web server with 80-120 virtual servers from a solaris to a linux mashine. I played around with /etc/passwd or /etc/shadow but I saw, that seems not to be easy to get it work. What I want ist, that the users have the same account with the same password on the linux maschine and solaris. Does anyone have a hint to do it? regards Jan -- .''`.Jan-Hendrik Palic | : :' : ** Debian GNU/ Linux ** | ** OpenOffice.org ** ,.. ,.. `. `' http://www.debian.org | http://www.openoffice.org ,: ..` ` `- [EMAIL PROTECTED] | ' ` ` [-] Steve Mickeler [ [EMAIL PROTECTED] ] [|] Todays root password is brought to you by /dev/random [+] 1024D/9AA80CDF = 4103 9E35 2713 D432 924F 3C2E A7B9 A0FE 9AA8 0CDF
Re: Converting Users from Solaris to (Debian-)Linux
Hi .. thnx for the reply ... On Fri, Aug 30, 2002 at 11:24:20AM -0400, Steve Mickeler wrote: The shadow file format between linux and solaris are different, but as long as you have the crypt() portion from the solaris shadow file, you can put it in the linux shadow file. example linux /etc/shadow entry: joeuser:YxlYT1esV4yz2:11474:0:9:7::: example solaris /etc/shadow entry: joeuser:YxlYT1esV4yz2:11513:: The /etc/passwd entries will look the same. I have created a user test with pass test on Linux and Solaris: /etc/shadow on Linux: test:$1$mT.fKI5L$Fgq6C.AKbkzGfCU.RDDqj.:11929:0:9:7:-1:-1:134549020 /etc/shadow on Solaris: test:TCs9gC4bJy8rg:11929:: the hashes are quite different .. ;( That could be a problem, no? Regards Jan -- .''`.Jan-Hendrik Palic | : :' : ** Debian GNU/ Linux ** | ** OpenOffice.org ** ,.. ,.. `. `' http://www.debian.org | http://www.openoffice.org ,: ..` ` `- [EMAIL PROTECTED] | ' ` `
Re: Converting Users from Solaris to (Debian-)Linux
On Fri, Aug 30, 2002 at 05:42:51PM +0200, Jan-Hendrik Palic wrote: [..] I have created a user test with pass test on Linux and Solaris: /etc/shadow on Linux: test:$1$mT.fKI5L$Fgq6C.AKbkzGfCU.RDDqj.:11929:0:9:7:-1:-1:134549020 /etc/shadow on Solaris: test:TCs9gC4bJy8rg:11929:: the hashes are quite different .. ;( That could be a problem, no? No, should be not. The hash on Linux is md5 hash. On Solaris it is DES hash (output from crypt() function). Try it by creating a test user on Linux and substituing the line in /etc/shadow with corresponding line from Solaris (e.g. the above line). I just tried it and it works as it should. So - no problem. Good luck. -- Peter Samek [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: Converting Users from Solaris to (Debian-)Linux
On Fri, Aug 30, 2002 at 05:42:51PM +0200, Jan-Hendrik Palic wrote: I have created a user test with pass test on Linux and Solaris: /etc/shadow on Linux: test:$1$mT.fKI5L$Fgq6C.AKbkzGfCU.RDDqj.:11929:0:9:7:-1:-1:134549020 /etc/shadow on Solaris: test:TCs9gC4bJy8rg:11929:: the hashes are quite different .. ;( you use MD5 password on your linuxbox. you should downgrade your crypt to normal hash password -- Tab
Re: Converting Users from Solaris to (Debian-)Linux
This one time, Vincent Hanquez wrote: /etc/shadow on Linux: test:$1$mT.fKI5L$Fgq6C.AKbkzGfCU.RDDqj.:11929:0:9:7:-1:-1:134549020 /etc/shadow on Solaris: test:TCs9gC4bJy8rg:11929:: the hashes are quite different .. ;( you use MD5 password on your linuxbox. you should downgrade your crypt to normal hash password Isn't this a security list? :) Why would anyone downgrade a hash? All my hashes are MD5 based, and I haven't had a problem copying password hashes out of Solaris. -Anne -- .-.__.``. Anne Carasik, System Administrator .-.--. _...' (/) (/) ``' gator at cacr dot caltech dot edu (O/ O) \-' ` -==.', Center for Advanced Computing Research ~`~~ pgpw43bC0tWhg.pgp Description: PGP signature
Re: Converting Users from Solaris to (Debian-)Linux
Thats because linux is using MD5 and solaris is only using crypt. You can use the crypt string from solaris in linux, but you cannot use the MD5 string from linux in solaris. On Fri, 30 Aug 2002, Jan-Hendrik Palic wrote: Hi .. thnx for the reply ... I have created a user test with pass test on Linux and Solaris: /etc/shadow on Linux: test:$1$mT.fKI5L$Fgq6C.AKbkzGfCU.RDDqj.:11929:0:9:7:-1:-1:134549020 /etc/shadow on Solaris: test:TCs9gC4bJy8rg:11929:: the hashes are quite different .. ;( That could be a problem, no? Regards Jan -- .''`.Jan-Hendrik Palic | : :' : ** Debian GNU/ Linux ** | ** OpenOffice.org ** ,.. ,.. `. `' http://www.debian.org | http://www.openoffice.org ,: ..` ` `- [EMAIL PROTECTED] | ' ` ` -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] [-] Steve Mickeler [ [EMAIL PROTECTED] ] [|] Todays root password is brought to you by /dev/random [+] 1024D/9AA80CDF = 4103 9E35 2713 D432 924F 3C2E A7B9 A0FE 9AA8 0CDF
Re: Converting Users from Solaris to (Debian-)Linux
Your solaris hashes arent MD5. Isn't this a security list? :) Why would anyone downgrade a hash? All my hashes are MD5 based, and I haven't had a problem copying password hashes out of Solaris. -Anne -- .-.__.``. Anne Carasik, System Administrator .-.--. _...' (/) (/) ``' gator at cacr dot caltech dot edu (O/ O) \-' ` -==.', Center for Advanced Computing Research ~`~~ [-] Steve Mickeler [ [EMAIL PROTECTED] ] [|] Todays root password is brought to you by /dev/random [+] 1024D/9AA80CDF = 4103 9E35 2713 D432 924F 3C2E A7B9 A0FE 9AA8 0CDF
Re: Converting Users from Solaris to (Debian-)Linux
This one time, Jan-Hendrik Palic wrote: On Fri, Aug 30, 2002 at 12:04:15PM -0400, Steve Mickeler wrote: Your solaris hashes arent MD5. is it not possible to upgrade to MD5 on Solaris? Would PAM for that? I'm not sure if I made my Debian box with MD5 then.. *sigh* -Anne -- .-.__.``. Anne Carasik, System Administrator .-.--. _...' (/) (/) ``' gator at cacr dot caltech dot edu (O/ O) \-' ` -==.', Center for Advanced Computing Research ~`~~ pgpzTxxaDNTCC.pgp Description: PGP signature
Re: Converting Users from Solaris to (Debian-)Linux
Jan-Hendrik Palic [EMAIL PROTECTED] writes: Hi .. On Fri, Aug 30, 2002 at 12:04:15PM -0400, Steve Mickeler wrote: Your solaris hashes arent MD5. is it not possible to upgrade to MD5 on Solaris? AFAIK Solaris does not support MD5. I wrote a PAM module that exactlky does that... Works for me :-) ftp://ftp.fifi.org/pub/phil/libpam-md5 Phil.