[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: New generation passwords
On Thu, 22 Jun 2000, support wrote:
>
> I didn't mean to upgrade the machine with the 2.0.30 to 2.2.13 but to
> build a new machine with 2.2.13, boot from it and mount the old machine
> and then copy the relevant directories & files (like passwd and shadow)
doesn't Slackware 7.0 have an upgrade path? make a mirror of the disk,
install on a different machine and upgrade safely. should be just fine.
as for the shadow file format: it's really standard. slackware uses it
probably with standard library calls (glibc I think) and RedHat/Mandrake
uses PAM. if you look at such a system (if you are upgrading to one that
is, you will see:
[root@iglu /root]# cat /etc/pam.d/passwd
#%PAM-1.0
auth required /lib/security/pam_pwdb.so shadow nullok
account required /lib/security/pam_pwdb.so
password required /lib/security/pam_cracklib.so retry=3
password required /lib/security/pam_pwdb.so use_authtok nullok shadow md5
the last like means using md5 hash, but a crypt will also be read
correctly. all new password changes will be saved as crypt. if you
remove it, it will default to crypt read and write at all times.
unless you meant the shadow file field structure is different, which
seems odd to me. but in that case, do "pwunconv" on the old machine,
copy the passwd file to the new machine, delete the shadow file that may
be hanging there, and run "pwconv", that will rebuild it in whatever way
the target machine likes it.
final note: it's a bad idea to give users a UID in the password file if
all they do is dial-up and mail. you should have a DB with
"virtual" users, i.e. not unix UIDs. just to add to the security and
manageability. see the Qmail site on building a simple, effective pop3
toaster.
--
Ira Abramov (@- Gnu/Linux, Free Speech, RFC 1855
whois: IA58 //\ Peace, Love, Music, Slow Food
www.scso.com v_/_ Citroens, Camels, Penguins, Cats
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il