LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 05-14-2009, 04:11 PM   #1
genmaicha
Member
 
Registered: Apr 2009
Posts: 38

Rep: Reputation: 15
migrating /etc/passwd (and shadow) between machines: why should it work?


So apparently it's possible to copy entries from the /etc/passwd and /etc/shadow from one machine to another, and it 'just works'. My question is, why? According to the shadow(5) manpage, the passwords are encrypted via the crypto function which takes a salt. Do all distros use the same salt? Otherwise I don't see how this is possible.
 
Old 05-14-2009, 04:20 PM   #2
forrestt
Senior Member
 
Registered: Mar 2004
Location: Cary, NC, USA
Distribution: Fedora, Kubuntu, RedHat, CentOS, SuSe
Posts: 1,288

Rep: Reputation: 99
The salt is part of the shadow entry. The entry is broken down as:

Code:
struct spwd {
         char          *sp_namp; /* user login name */
         char          *sp_pwdp; /* encrypted password */
         long int      sp_lstchg; /* last password change */
         long int      sp_min; /* days until change allowed. */
         long int      sp_max; /* days before change required */
         long int      sp_warn; /* days warning for expiration */
         long int      sp_inact; /* days before account inactive */
         long int      sp_expire; /* date when account expires */
         unsigned long int  sp_flag; /* reserved for future use */
}
The sp_pwdp portion is a $ separated value string with the portions between $'s being:

single_digit signifying the method of encryption
salt
encrypted password

HTH

Forrest
 
Old 05-14-2009, 04:36 PM   #3
genmaicha
Member
 
Registered: Apr 2009
Posts: 38

Original Poster
Rep: Reputation: 15
awesome, I can reproduce the hash in my /etc/shadow by using the salt "$1$abcdefgh" for crypt(). What other encryption methods are there besides md5 and des? my man crypt doesn't mention anything else.
 
Old 05-14-2009, 04:43 PM   #4
forrestt
Senior Member
 
Registered: Mar 2004
Location: Cary, NC, USA
Distribution: Fedora, Kubuntu, RedHat, CentOS, SuSe
Posts: 1,288

Rep: Reputation: 99
Here is what my man says about it:

Code:
NOTES
   Glibc Notes
       The glibc2 version of this function supports additional encryption algorithms.

       If salt is a character string starting with the characters "$id$" followed by a string terminated by "$":

              $id$salt$encrypted

       then instead of using the DES machine, id identifies the encryption method used and this then determines how the rest of the password string is interpreted.  The following values of id are supported:

              ID  | Method
              ---------------------------------------------------------
              1   | MD5
              2a  | Blowfish (not in mainline glibc; added in some
                  | Linux distributions)
              5   | SHA-256 (since glibc 2.7)
              6   | SHA-512 (since glibc 2.7)

       So $5$salt$encrypted is an SHA-256 encoded password and $6$salt$encrypted is an SHA-512 encoded one.

       "salt" stands for the up to 16 characters following "$id$" in the salt.  The encrypted part of the password string is the actual computed password.  The size of this string is fixed:

       MD5     | 22 characters
       SHA-256 | 43 characters
       SHA-512 | 86 characters

       The characters in "salt" and "encrypted" are drawn from the set [a–zA–Z0–9./].  In the SHA implementation the entire key is significant (instead of only the first 8 bytes in MD5).
HTH

Forrest

p.s. So, I guess the ID isn't limited to one char I've just only ever seen one.

Last edited by forrestt; 05-14-2009 at 04:44 PM. Reason: added p.s.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Migrating from shadow passwords to tcb in Linux LXer Syndicated Linux News 0 08-24-2006 10:54 AM
passwd shadow problem rblampain Linux - Distributions 2 10-04-2005 01:00 AM
Moving /etc/passwd and /etc/shadow john8675309 Linux - Software 1 01-24-2005 09:44 PM
mismatch with /etc/passwd and /etc/shadow AngryKeebler Linux - General 1 07-23-2004 04:42 PM
/etc/passwd or /etc/shadow? tiger7007 Linux - Security 2 03-21-2004 05:41 AM


All times are GMT -5. The time now is 03:51 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration