[Fedora] Re: Upgrading old RH server
Todd Denniston
Todd.Denniston at ssa.crane.navy.mil
Tue Feb 3 15:44:15 UTC 2009
Kevin Martin wrote, On 02/03/2009 10:25 AM:
>
> Ashley M. Kirchner wrote:
>> Kevin Kofler wrote:
>>> There's no way to convert the passwords automatically as the hashes
>>> used are
>>> not reversible by design (otherwise it would just be cheap
>>> obfuscation and
>>> add no real security).
>>>
>> Considering the old method seems to work just fine on FC10, what
>> could I be breaking if I just do that? Do a clean FC10 install, then
>> recover the pertinent files from backup, including that /etc/shadow
>> file which has everyone's current passwords.
>>
>> Sooner or later, everyone will have their password expire and it
>> becomes a moot point, but till then, can I expect things to run fine?
>>
> Beware the use of the new password scheme if this is a NIS master server
> and you have any NIS clients that aren't RH/Fedora (recent) machines. I
> have a mixed bag of AIX, SunOS (8 and 10), and Linux (old RH and newer
> Fedora) and I had to force the use of the old password algorithms as
> SunOS 8 and older AIX can't handle the new scheme.
>
> Kevin
>
Ashley should also be aware that (at least in my experience),
NIS/yppasswd/passwd will use the type of password last set for the user.
i.e., when we got rid of our last SunOS box, I had to remove each user's
password and have them immediately set a new one, specifically using the
`passwd` program to get into the md5sum schema, so it may not be as easy as
letting everyone's passwords expire.
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
More information about the fedora-list
mailing list