migrate /etc/shadow from Solaris 10 to other Unix/Linux OS Versions

qs_tahmeed · 06-16-2010, 05:13 AM

Dear All,

I need to setup a server in Unix/Linux platform where i need to setup 300+ user accounts with no change in the user password from the primary server.

The primary server runs on Solaris 10.

Any idea how to migrate the /etc/shadow file. I have been googling for quite some time with 0 luck.

Thanks in advance

AlucardZero · 06-16-2010, 06:22 AM

Just copy it over?

You'll need to copy passwd and group as well. And as always, make backups of these files.

qs_tahmeed · 06-16-2010, 09:05 AM

Thanks but Tried copying entries & it didn't work out!

Please let me know if I missed anything! It works fine if i copy from One Solaris system to another Solaris - OS version doesn't cause any problem.

I was actually trying to copy it from a Solaris system to a Redhat system and later on will try it on a FreeBSD system.

so far no luck!

Blinker_Fluid · 06-21-2010, 10:55 AM

As you have found you can copy within environments, solaris to solaris and linux to linux, but not linux to solaris.

Each environment encrypts the password differently so you cannot just copy the password hash across. (The Linux hash is about twice the length of the solaris one). You will probably wind up requesting users set up their password on a linux server and a solaris then copying those as needed or setting them to a defined password.

jlliagre · 06-21-2010, 04:31 PM

Passwords are not really crypted on Unix systems but hashed, i.e. they cannot be decrypted.

The hashing algorithm can be configured on Solaris from the traditional crypt_unix one to one compatible with Linux by modifying the CRYPT_DEFAULT parameter in the policy.conf file. For an example, see:

http://docs.sun.com/app/docs/doc/816...%2Fpolicy.conf

Of course, modifying this setting will only affect new passwords so you'll need to wait for all your users to have renewed their password to have a compatible /etc/shadow file. This might be never depending on your expiration policy.

This file is also telling what algorithms will be accepted while processing password. I don't know if such a configuration file exist in the Linux distribution you use but that would be another way to solve your problem.

Usually, this kind of heterogeneous authentication issues are better handled by separating the user's operating systems from the authentication service, usually NIS or LDAP.