LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 01-17-2008, 02:36 PM   #1
Lionhard
LQ Newbie
 
Registered: May 2007
Location: Brasilia, BR
Distribution: Gentoo
Posts: 17

Rep: Reputation: 0
Moving user accounts between computers (Something wrong with passwd, shadow, etc.)


I have an machine, running OpenSUSE, that I'm using as a cluster server and as login server, and another machine runing Debian Etch r2, that will be the new server. I have installed everything in the Debian machine and copied the /etc/passwd and such from the OpenSUSE machine. Then, I've noticed something very weird: seems that the way of managing the users passwords are different. I mean, the root password is the same in both Debian Machine and OpenSUSE machine, but when i give it a look, the shadowed password is somewhat different. What is happening? Do I have to make any conversion to make the user account files work in the Debian? There's any tool or way to do it?
 
Old 01-17-2008, 04:49 PM   #2
ilikejam
Senior Member
 
Registered: Aug 2003
Location: Glasgow
Distribution: Fedora / Solaris
Posts: 3,109

Rep: Reputation: 96
Hi.

It's because the hash is salted (the first 8 characters after the "$1$'), so it's unlikely that you'll have the same hash value in shadow for two accounts with the same password. Should work just fine with no intervention.

http://en.wikipedia.org/wiki/Salt_(cryptography)

Dave

Last edited by ilikejam; 01-17-2008 at 05:09 PM.
 
Old 01-18-2008, 08:10 AM   #3
Lionhard
LQ Newbie
 
Registered: May 2007
Location: Brasilia, BR
Distribution: Gentoo
Posts: 17

Original Poster
Rep: Reputation: 0
I was looking into the suse shadow file, and some passwords isn't $1$, but $2a$10$ that comes in the beginning. What it means? I can't figure out, and the man pages tells nothing about $2a$10$.

Thanks.

Last edited by Lionhard; 01-18-2008 at 08:16 AM.
 
Old 01-18-2008, 08:20 AM   #4
Lionhard
LQ Newbie
 
Registered: May 2007
Location: Brasilia, BR
Distribution: Gentoo
Posts: 17

Original Poster
Rep: Reputation: 0
I recently readed that SUSE uses blowfish, and debian/ubuntu uses md5 for encrypting the passwords... Im googlein for it, but if you have a solution, please post.
Thanks.

Last edited by Lionhard; 01-18-2008 at 08:47 AM.
 
Old 01-18-2008, 11:45 AM   #5
ilikejam
Senior Member
 
Registered: Aug 2003
Location: Glasgow
Distribution: Fedora / Solaris
Posts: 3,109

Rep: Reputation: 96
Depending on how PAM (I think it's PAM that controls the hash type anyway) was compiled on SuSE, you may be able to change the hash type in authconfig to MD5, and make it compatible with your existing MD5 shadow files.

WARNING: I'd research this thoroughly before implementing, as I'd imagine that changing the hash type to MD5, but still having Blowfish hashes in /etc/shadow might stop you logging into the box.

Dave

Last edited by ilikejam; 01-18-2008 at 03:46 PM.
 
Old 01-18-2008, 08:53 PM   #6
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,324

Rep: Reputation: 1099Reputation: 1099Reputation: 1099Reputation: 1099Reputation: 1099Reputation: 1099Reputation: 1099Reputation: 1099
Each password-entry is of a recognizable format that tells the system how the password-value is encoded.

The entry also includes some "salt." This is a purely-random value that is injected into the value, along with the password. The "salt" value is then provided in the password-file as clear-text. What the salt does is to inject some deliberate entropy into the mix so that there is no longer a one-to-one correspondence between "a particular password" and "its encrypted equivalent." If the salt were merely a 32-bit integer, there would now be more than 4 million ways to hash the same password, and every one of the hashed values would be radically different.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Moving of user accounts from one server to other zealkabi Linux - Enterprise 2 06-16-2006 02:02 AM
Moving portions of /etc/passwd and /etc/shadow skreaminskull Linux - Security 3 05-19-2006 10:35 AM
how passwd(1) for normal user changes /etc/shadow? sknowonweb Linux - Newbie 1 12-22-2005 12:06 PM
Moving /etc/passwd and /etc/shadow john8675309 Linux - Software 1 01-24-2005 08:44 PM
moving user accounts gurra Linux - Security 1 11-25-2003 09:14 AM


All times are GMT -5. The time now is 01:51 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration