*BSD News Article 64337


Return to BSD News archive

Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!nntp.coast.net!howland.reston.ans.net!sol.ctr.columbia.edu!startide.ctr.columbia.edu!wpaul
From: wpaul@ctr.columbia.edu (Bill Paul)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: passwd file upgrading
Date: 26 Mar 1996 15:45:38 GMT
Organization: Columbia University Center for Telecommunications Research
Lines: 51
Message-ID: <4j93f2$ra3@sol.ctr.columbia.edu>
References: <4j89as$ejl@pigdog.topend.com.au> <4j89dk$ekp@pigdog.topend.com.au>
NNTP-Posting-Host: startide.ctr.columbia.edu
X-Newsreader: TIN [version 1.2 PL2]

Daring to challenge the will of the almighty Leviam00se, Robert Nagy
(nagy@gypsy.topend.com.au) had the courage to say:

: Robert Nagy (nagy@gypsy.topend.com.au) wrote:
: : Hi Folks,

: : I have had a play with 2.1R and like it a lot.  The only thing that 
: : concerns me is that 2.1R can't seem to read my 1.1.5.1 passwd file.  Rather 
: : than get all my users to rekey their passwords is there some clear way to 
: : bring this file accross?  Is it possible I am running DES on 1.1.5.1 and 
: : not on 2.1R ?  

: For the pedantic among you, I really meant master.passwd file. :-)

: Robert

You have to explain more clearly what you mean by 'can't seem to read.'
How did you try to read it?

The master.passwd file format has not changed between versions. There
should be ten fields, seven of which correspond to the standard V7
passwd file format, and three new ones (account class, password change
time and account expiration). All you have to do is read in the
entries of the users you want to preserve into vipw on the 2.1 system
and save it; vipw(8) will then rebuild the hash password databases
for you. (Don't try copying over the new file verbatim; you probably
don't want to replace the entries for things like bin, daemon or root.)

Understand that coying the master.passwd file along is not enough;
you _do_ have to rebuild /etc/spwd.db, /etc/pwd.db and /etc/passwd
using master.passwd as a template (with vipw(8) or pwd_mkdb(8) directly).
Just copying over the one text file does nothing.

As for DES, well... how the heck are _we_ supposed to know if you're
using DES or not? _You_ have to check that. Look at the password fields
in the two master.passwd files; DES encrypted passwords are 13 characters
long (actually 11 plus 2 salt characters). MD5 encrypted passwords are
much longer, and always begin with the characters '$1$'. Obviously,
the new machine will need to use the same encryption scheme as the
old one if you want the old passwords to work.

-Bill

--
=============================================================================
-Bill Paul            (212) 854-6020 | System Manager, Master of Unix-Fu
Work:         wpaul@ctr.columbia.edu | Center for Telecommunications Research
Home:  wpaul@skynet.ctr.columbia.edu | Columbia University, New York City
=============================================================================
    "If you are in trouble, go the CTR. Ask for Bill. He will help you."
=============================================================================