3
1
I'm migrating users from an old server to a new one. It's only a few users, we want to migrate only the active ones and reorganize groups in the process, so I'm doing it manually. One problem remains: How can I migrate their passwords to the new server? Is there a better way than copying password hashes from /etc/shadow by hand?
Petr Pudlák
Posted 2013-02-07T15:37:44.703
Reputation: 2 197
5
I found chpasswd tool. With -e it accepts a list of users with their encrypted passwords to set. It's just what I've been looking for.
Petr Pudlák
Posted 2013-02-07T15:37:44.703
Reputation: 2 197
4
Since there are few enough accounts for you to migrate manually I think lifting the hashes by hand is the way to go. That's how I'd do it atleast.
azzid
Posted 2013-02-07T15:37:44.703
Reputation: 353
2
Well, you wouldn't need to do it by hand. Just use lastlog to get the list of users who have logged on at least once in, for example, the past year and then grep them in /etc/shadow:
lastlog -t 365 | gawk '{print $1}' | tail -n +2 | while read n; do \
grep -w $n /etc/shadow; done
You could also automate the user creation on the new server as described in my answer here.
terdon
Posted 2013-02-07T15:37:44.703
Reputation: 45 216
TBH I'm not sure, and my first experiments aren't very successful. But I don't know any other way how to do it. – Petr Pudlák – 2013-02-07T20:47:53.257
1Copying shadow lines does work; I did it not too long ago during a server move with lots of users. It broke a few users, but almost all still worked. – cpast – 2013-02-08T00:15:08.937
Can you please elaborate on how lifting hashes by hand. I assume this means copying hashed passwords, i.e. items between second and third colons in lines for eligible users, from /etc/shadow on source system and pasting them into corresponding lines on target system. Right? – Drux – 2017-08-01T17:39:47.987
@Drux Right. Just copy the appropriate lines from /etc/shadow. Or if the user has a line in the target file, just copy the password hash. It's the only field that looks like gibberish. ;-) – azzid – 2017-08-01T17:46:40.173