[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Fedora] Re: Upgrading old RH server

Kevin Martin wrote, On 02/03/2009 10:25 AM:

Ashley M. Kirchner wrote:
Kevin Kofler wrote:
There's no way to convert the passwords automatically as the hashes
used are
not reversible by design (otherwise it would just be cheap
obfuscation and
add no real security).
   Considering the old method seems to work just fine on FC10, what
could I be breaking if I just do that?  Do a clean FC10 install, then
recover the pertinent files from backup, including that /etc/shadow
file which has everyone's current passwords.

   Sooner or later, everyone will have their password expire and it
becomes a moot point, but till then, can I expect things to run fine?

Beware the use of the new password scheme if this is a NIS master server
and you have any NIS clients that aren't RH/Fedora (recent) machines.  I
have a mixed bag of AIX, SunOS (8 and 10), and Linux (old RH and newer
Fedora) and I had to force the use of the old password algorithms as
SunOS 8 and older AIX can't handle the new scheme.


Ashley should also be aware that (at least in my experience), NIS/yppasswd/passwd will use the type of password last set for the user. i.e., when we got rid of our last SunOS box, I had to remove each user's password and have them immediately set a new one, specifically using the `passwd` program to get into the md5sum schema, so it may not be as easy as letting everyone's passwords expire.

Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]