From owner-freebsd-isp Wed Sep 29 9: 8:27 1999 Delivered-To: freebsd-isp@freebsd.org Received: from pau-amma.whistle.com (pau-amma.whistle.com [207.76.205.64]) by hub.freebsd.org (Postfix) with ESMTP id 4C2A115918 for ; Wed, 29 Sep 1999 09:01:18 -0700 (PDT) (envelope-from dhw@whistle.com) Received: (from dhw@localhost) by pau-amma.whistle.com (8.9.2/8.9.2) id JAA30532; Wed, 29 Sep 1999 09:01:18 -0700 (PDT) Date: Wed, 29 Sep 1999 09:01:18 -0700 (PDT) From: David Wolfskill Message-Id: <199909291601.JAA30532@pau-amma.whistle.com> To: freebsd-isp@FreeBSD.ORG, up@3.am Subject: Re: changing server platforms In-Reply-To: Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Date: Wed, 29 Sep 1999 10:20:46 -0400 (EDT) >From: >I'm getting ready to change our main server (mail, user web, ftd, >secondary radius, etc) from Sparc Solaris 2.6 to FreeBSD 3.2-RELEASE >soon. My main concern is going to be getting > 1100 usernames and >passwords moved over. >I can see that just moving /etc/passwd and /etc/shadow over isn't going to >work. In fact, I can see that FBSD doesn't even have an /etc/shadow, but >what I assume contains that data, /etc/pwd.db, which appears to be some >sort of hashed file. It's hashed, but FreeBSD & Solaris 2.x handle the storage of the encrypted passwords rather differently. In Solaris 2.x, there is little else useful in /etc/shadow than the encrypted passwords. (There's stuff about expiration dates & things of that nature.) But about the only thing that common between /etc/passwd and /etc/shadow is the login, which is used as the key for each. In FreeBSD, the text file that contains the encrypted passwords is /etc/master.passwd. /etc/passwd and /etc/pwd.db are generated from it; the former is extracted as a (proper) subset of the information in master.passwd. >So far, I can think of a few ways to do this, none of them ideal: >1: gather all the usernames and passwords from a customer database and >write a script to add them all in. Problem with this is that database >isn't 100% up-to-date with the passwords. Big problem I would have with that is that if it were feasible, that would imply that you had plain-text passwords around. >2: run a crack program (any recommendations?) on a copy of the Solaris >/etc/shadow file, then trim out the username/passwd pairs for same script. Urrgh. >Or There's a well-known utility to translate Solaris /etc/passwd >and /etc/shadow files into a working FreeBSD format . >Suggestions appreciated... If you're using DES encryption on the FreeBSD box, you should be able to snip the encrypted passwords out of Solaris:/etc/shadow and use them, along with what's in Solaris:/etc/passwd, to fabricate FreeBSD:/etc/master.passwd records. If the logins on the Solaris box are actually unique, this should be a reasonably straightforward task. Cheers, david -- David Wolfskill dhw@whistle.com UNIX System Administrator voice: (650) 577-7158 pager: (888) 347-0197 FAX: (650) 372-5915 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message