Upgrading old RH server
Mikkel L. Ellertson
mikkel at infinity-ltd.com
Mon Feb 2 01:37:17 UTC 2009
Kevin Kofler wrote:
> Ashley M. Kirchner wrote:
>> We have an old RH7.3 server that holds all of our user accounts.
>> I'm in the process of upgrading everything to FC10 and looking at
>> /etc/shadow I'm noticing some differences in the way the passwords are
>> encrypted/stored.
>
> Different hashing algorithms. (The new one is more secure.)
>
>> I tried simply copying the old shadow file to a new FC10 server and
>> it seems to work just fine, however I wonder if I'm not breaking
>> something else by doing that. So, what's the proper way to do this? I
>> really don't want to have to reset everyone's password (at least not
>> till they reach their forced expiration.)
>
> There's no way to convert the passwords automatically as the hashes used are
> not reversible by design (otherwise it would just be cheap obfuscation and
> add no real security).
>
> Kevin Kofler
>
You could always try expiring the password early. Try it with your
own password, and see if changing it converts it to the new hash...
I seam to remember reading something about that working, but I am a
bit hazy about it.
Mikkel
--
Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20090201/640be0ea/attachment-0001.sig>
More information about the fedora-list
mailing list