• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 158
  • Last Modified:

migrated password hashes in /etc/shadow not working

Ive just tried to migrate some users to a new linux machine. Target is a scientific Linux 7 and source is an older Suse Linux. The copied hashes in /etc/shadow are not working in SL7. Previously I've already managed to migrate user accounts that way, but never to Scientific Linux. Maybe they limit the hash functions by default and there is a switch to turn on older hashing methods somewhere, but I dont know where to start to look.

So any hint where to investigate further is appreciated.
0
andreas
Asked:
andreas
  • 4
  • 3
1 Solution
 
Zephyr ICTCloud ArchitectCommented:
Maybe the encryption is different, don't know off hand what SUSE uses so, check both boxes:

cat /etc/default/passwd | grep CRYPT

Open in new window


In which case converting will not be an option really, better to reset the passwords probably.
0
 
andreasSystem AdminAuthor Commented:
The OpenSuse is using blowfish

SL7 SHA512 (no default password file) but seen from the shadow file itself.

I have just copied a few users passwordc lines from suse to the new SL7 box but password authentication fails for the blowfish hashes.
0
 
Zephyr ICTCloud ArchitectCommented:
Yes, then it's still the same, SL7 is like Red Hat/CentOS, uses SHA512 ... You can't convert Blowfish to SHA512 ...

So, like I said, I'm afraid you'll have to provide new passwords for the users.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
andreasSystem AdminAuthor Commented:
Hmm pity, ive just thought /etc/shadow will accept different hash methods as they are specified there and the systems hash function is only used upon creation of new passwords. But this assumption seems incorrect.
0
 
Zephyr ICTCloud ArchitectCommented:
Yes, I think so ... Though I never tested on changing the hashing algorithm on the system, maybe that's possible, though I wouldn't really advice on it.
0
 
andreasSystem AdminAuthor Commented:
Ive researched a little bit more. Scientific Linux does not support blowfish hashes at all. They dont have packages for the necessary pam_modules. else it would have worked, a mixed environment with sha512 and blowfish hashes. pam_unix2.so isnt available.

As its jsut a few users i force new passwords. I will not mess with manually compiling and cofiguring pam_modules from source.
0
 
Zephyr ICTCloud ArchitectCommented:
Nice, thanks!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now