I'm migrating users from an old server to a new one. It's only a few users, we want to migrate only the active ones and reorganize groups in the process, so I'm doing it manually. One problem remains: How can I migrate their passwords to the new server? Is there a better way than copying password hashes from /etc/shadow by hand?
Asked
Active
Viewed 1.5k times
3
Petr
- 3,031
- 7
- 27
- 45
3 Answers
4
Since there are few enough accounts for you to migrate manually I think lifting the hashes by hand is the way to go. That's how I'd do it atleast.
azzid
- 403
- 1
- 4
- 12
-
Can you please elaborate on how lifting hashes by hand. I assume this means copying hashed passwords, i.e. items between second and third colons in lines for eligible users, from /etc/shadow on source system and pasting them into corresponding lines on target system. Right? – Drux Aug 01 '17 at 17:39
-
@Drux Right. Just copy the appropriate lines from /etc/shadow. Or if the user has a line in the target file, just copy the password hash. It's the only field that looks like gibberish. ;-) – azzid Aug 01 '17 at 17:46
2
Well, you wouldn't need to do it by hand. Just use lastlog to get the list of users who have logged on at least once in, for example, the past year and then grep them in /etc/shadow:
lastlog -t 365 | gawk '{print $1}' | tail -n +2 | while read n; do \
grep -w $n /etc/shadow; done
You could also automate the user creation on the new server as described in my answer here.
-
TBH I'm not sure, and my first experiments aren't very successful. But I don't know any other way how to do it. – Petr Feb 07 '13 at 20:47
-
1Copying shadow lines does work; I did it not too long ago during a server move with lots of users. It broke a few users, but almost all still worked. – cpast Feb 08 '13 at 00:15