migrated password hashes in /etc/shadow not working

Ive just tried to migrate some users to a new linux machine. Target is a scientific Linux 7 and source is an older Suse Linux. The copied hashes in /etc/shadow are not working in SL7. Previously I've already managed to migrate user accounts that way, but never to Scientific Linux. Maybe they limit the hash functions by default and there is a switch to turn on older hashing methods somewhere, but I dont know where to start to look.

So any hint where to investigate further is appreciated.
LVL 12
andreasSystem AdminAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Zephyr ICTCloud ArchitectCommented:
Maybe the encryption is different, don't know off hand what SUSE uses so, check both boxes:

cat /etc/default/passwd | grep CRYPT

Open in new window


In which case converting will not be an option really, better to reset the passwords probably.
0
andreasSystem AdminAuthor Commented:
The OpenSuse is using blowfish

SL7 SHA512 (no default password file) but seen from the shadow file itself.

I have just copied a few users passwordc lines from suse to the new SL7 box but password authentication fails for the blowfish hashes.
0
Zephyr ICTCloud ArchitectCommented:
Yes, then it's still the same, SL7 is like Red Hat/CentOS, uses SHA512 ... You can't convert Blowfish to SHA512 ...

So, like I said, I'm afraid you'll have to provide new passwords for the users.
0
The 7 Worst Nightmares of a Sysadmin

Fear not! To defend your business’ IT systems we’re going to shine a light on the seven most sinister terrors that haunt sysadmins. That way you can be sure there’s nothing in your stack waiting to go bump in the night.

andreasSystem AdminAuthor Commented:
Hmm pity, ive just thought /etc/shadow will accept different hash methods as they are specified there and the systems hash function is only used upon creation of new passwords. But this assumption seems incorrect.
0
Zephyr ICTCloud ArchitectCommented:
Yes, I think so ... Though I never tested on changing the hashing algorithm on the system, maybe that's possible, though I wouldn't really advice on it.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
andreasSystem AdminAuthor Commented:
Ive researched a little bit more. Scientific Linux does not support blowfish hashes at all. They dont have packages for the necessary pam_modules. else it would have worked, a mixed environment with sha512 and blowfish hashes. pam_unix2.so isnt available.

As its jsut a few users i force new passwords. I will not mess with manually compiling and cofiguring pam_modules from source.
0
Zephyr ICTCloud ArchitectCommented:
Nice, thanks!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.