Date: Thu, 31 Oct 2019 17:16:22 -0700 From: John-Mark Gurney <jmg@funkthat.com> To: Wojciech Puchar <wojtek@puchar.net> Cc: freebsd-hackers@freebsd.org Subject: Re: converting password hashes Message-ID: <20191101001622.GB8521@funkthat.com> In-Reply-To: <alpine.BSF.2.20.1910291310310.72617@puchar.net> References: <alpine.BSF.2.20.1910291310310.72617@puchar.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Wojciech Puchar wrote this message on Tue, Oct 29, 2019 at 13:13 +0100:
> i want to convert accouts from one system where there was mail-only
> accounts using dovecot/postfix based system and SQL tables to my system,
> where accounts are real unix accounts - that do mail and other things.
>
> I don't know all people's plaintext passwords, and i don't need to and
> want to, but i want new accounts to work with the same passwords
>
> in SQL tables there are entries like this:
>
> $1$aab7638c$Cn7BA/oU4mzr0QltXzV7Z0
>
> and these works by simple cut and paste to /etc/master.passwd file
>
>
> but there are entries like:
>
> {PLAIN-MD5}c575f55800a549930b9063b43af04f47
>
> that doesn't
>
>
> is there a way to make it work without contacting over hundred people and
> telling them what new password they have?
There's two ways, one is to write a PAM module or extend crypt(3) to
support the plain md5 format from postgresql.
The other option is to do what is called on-line conversion. Ask all
the affected users to login using their existing password, and as part
of the process, you now have their original password, so you jsut
re-crypt them w/ a compatible format, and then store and use the new
format.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20191101001622.GB8521>