Date: Wed, 29 Sep 1999 09:01:18 -0700 (PDT) From: David Wolfskill <dhw@whistle.com> To: freebsd-isp@FreeBSD.ORG, up@3.am Subject: Re: changing server platforms Message-ID: <199909291601.JAA30532@pau-amma.whistle.com> In-Reply-To: <Pine.GSO.4.10.9909291006230.17159-100000@richard2.pil.net>
next in thread | previous in thread | raw e-mail | index | archive | help
>Date: Wed, 29 Sep 1999 10:20:46 -0400 (EDT) >From: <up@3.am> >I'm getting ready to change our main server (mail, user web, ftd, >secondary radius, etc) from Sparc Solaris 2.6 to FreeBSD 3.2-RELEASE >soon. My main concern is going to be getting > 1100 usernames and >passwords moved over. >I can see that just moving /etc/passwd and /etc/shadow over isn't going to >work. In fact, I can see that FBSD doesn't even have an /etc/shadow, but >what I assume contains that data, /etc/pwd.db, which appears to be some >sort of hashed file. It's hashed, but FreeBSD & Solaris 2.x handle the storage of the encrypted passwords rather differently. In Solaris 2.x, there is little else useful in /etc/shadow than the encrypted passwords. (There's stuff about expiration dates & things of that nature.) But about the only thing that common between /etc/passwd and /etc/shadow is the login, which is used as the key for each. In FreeBSD, the text file that contains the encrypted passwords is /etc/master.passwd. /etc/passwd and /etc/pwd.db are generated from it; the former is extracted as a (proper) subset of the information in master.passwd. >So far, I can think of a few ways to do this, none of them ideal: >1: gather all the usernames and passwords from a customer database and >write a script to add them all in. Problem with this is that database >isn't 100% up-to-date with the passwords. Big problem I would have with that is that if it were feasible, that would imply that you had plain-text passwords around. >2: run a crack program (any recommendations?) on a copy of the Solaris >/etc/shadow file, then trim out the username/passwd pairs for same script. Urrgh. >Or <dream> There's a well-known utility to translate Solaris /etc/passwd >and /etc/shadow files into a working FreeBSD format </dream>. >Suggestions appreciated... If you're using DES encryption on the FreeBSD box, you should be able to snip the encrypted passwords out of Solaris:/etc/shadow and use them, along with what's in Solaris:/etc/passwd, to fabricate FreeBSD:/etc/master.passwd records. If the logins on the Solaris box are actually unique, this should be a reasonably straightforward task. Cheers, david -- David Wolfskill dhw@whistle.com UNIX System Administrator voice: (650) 577-7158 pager: (888) 347-0197 FAX: (650) 372-5915 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199909291601.JAA30532>