migrate /etc/shadow from Solaris 10 to other Unix/Linux OS Versions
 

Dear All,


I need to setup a server in Unix/Linux platform where i need to setup 300+ user accounts with no change in the user password from the primary server.

The primary server runs on Solaris 10.

Any idea how to migrate the /etc/shadow file. I have been googling for quite some time with 0 luck.

Thanks in advance

Just copy it over?

You'll need to copy passwd and group as well. And as always, make backups of these files.

Thanks but Tried copying entries & it didn't work out!

Please let me know if I missed anything! It works fine if i copy from One Solaris system to another Solaris - OS version doesn't cause any problem.

I was actually trying to copy it from a Solaris system to a Redhat system and later on will try it on a FreeBSD system.

so far no luck!

As you have found you can copy within environments, solaris to solaris and linux to linux, but not linux to solaris.

Each environment encrypts the password differently so you cannot just copy the password hash across. (The Linux hash is about twice the length of the solaris one). You will probably wind up requesting users set up their password on a linux server and a solaris then copying those as needed or setting them to a defined password.

Passwords are not really crypted on Unix systems but hashed, i.e. they cannot be decrypted.

The hashing algorithm can be configured on Solaris from the traditional crypt_unix one to one compatible with Linux by modifying the CRYPT_DEFAULT parameter in the policy.conf file. For an example, see:

http://docs.sun.com/app/docs/doc/816...%2Fpolicy.conf

Of course, modifying this setting will only affect new passwords so you'll need to wait for all your users to have renewed their password to have a compatible /etc/shadow file. This might be never depending on your expiration policy.

This file is also telling what algorithms will be accepted while processing password. I don't know if such a configuration file exist in the Linux distribution you use but that would be another way to solve your problem.

Usually, this kind of heterogeneous authentication issues are better handled by separating the user's operating systems from the authentication service, usually NIS or LDAP.

can u help me as well i am also looking for same requirement

Hi VMKRVMR and welcome to LQ.

Suggest you move forwards with the thread question you created here: http://www.linuxquestions.org/questi...ns-4175610257/ versus in a 7 year old question.

The answer I provided seven years ago remains valid.

Solaris 10 default legacy /etc/shadow hash algorithm (crypt_unix) was not supported by Linux and still not is. In fact the generated hashes weren't even guaranteed to be compatible between Unix implementations.

hi jillagre

then wat is the solution for my task of copying the users/groups from solaris to linux with same permissions

This method won't work. A workaround might be to write a custom Linux PAM module able to understand Solaris crypt_unix.

Read the LQ rules about text speak and not using it. And the solution is for you to write a shell script as you were suggested in your other thread. We will help, but you actually have to show effort and write something.