From: Florian Verdet (florian.verdet_at_unifr.ch)
Date: Wed Feb 26 2003 - 10:35:23 CST

     |________________________________________
     |\|Jerry Bonner <Jerry.Bonnercpinternet.com> wrote on Tue, 25 Feb
     | 2003 16:05:55 -0600:
    [...]
     | |
     | |here's what I'm trying to do, I'm not sure if it will work the way
     | | that I might want but here goes : I need to migrate user accounts
     | | from a redhat
     | |would like for them to be able to keep their passwords intact since I
     | | have to migrate *a lot* of users. Sooo, I'm hoping that I can copy
     | | the passwords from the redhat box (MD5 encrypted I believe) to the
     | | Solaris box (which uses
     | |DES I believe, I'm not too familiar with Solaris) and have the
     | | Solaris machine be able to understand the md5 passwords as well as
     | | native solaris ones
     | |[...]
     | |
     | |Jerry Bonner

    Perhaps authenticating the users that log in with MD5 on the Linux machine
    and at the same time storing their passwd in DES in a copy of /etc/passwd?
    And after some time, you'll have (at least) most passwds also in DES -
    except for the users who didn't log in until that time.

    As far as I know, you don't have to alter the pam_unix module for that. You
    can easily use the stacking feature of PAM and write your own module taking
    the passwd and storing it in the other file.
    I think you can copy most of the code from the pam_unix module... I think
    you should take some code of the pam_unix password management (passwd
    changing) section and use it in the new module's auth section (for writing
    the (DES) passwd to a file).

    Then you can use your module and specify the use_first_pass (or
    try_first_pass) argument to your module.

    cf.:
    --- http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam-4.html ---
    [...]
     use_first_pass

    The module should not prompt the user for a password. Instead, it should
    obtain the previously typed password (from the preceding auth module),
    and use that. If that doesn't work, then the user will not be
    authenticated. (This option is intended for auth and password modules
    only).
    [...]
    --------

    Did you understand what I mean?
    It is just a thought...
    (It would be less heavy to implement than porting the pam_unix module to
    Solaris)
    Maybe I'm completely wrong...

    And have you checked out the other lists etc. handling that problem?
    gooooogle is your friend ;-)

    _______
    Florian Verdet

    _______________________________________________
    Pam-list mailing list
    Pam-listredhat.com
    https://listman.redhat.com/mailman/listinfo/pam-list
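
The stacking described in the message above, written out as a PAM auth stack for the Linux host. This is an added example, not part of the original message; `pam_desmirror.so`, its `file=` argument and the path `/etc/passwd.des` are hypothetical names standing in for the site-written module and its output file.

```conf
# /etc/pam.d/login on the Linux (source) host -- constructed fragment.
# pam_desmirror.so is a hypothetical site-written module, not part of Linux-PAM.

# Pitfall: with "required", a pam_unix failure still fails the login, but the
# remaining modules in the stack are invoked anyway. The mirror module would
# then hash and store a password that was never verified.
#
#   auth  required   pam_unix.so
#   auth  optional   pam_desmirror.so use_first_pass file=/etc/passwd.des

# Intended ordering:
# 1. pam_unix prompts for the password and checks it against the MD5 hash.
#    "requisite" returns to the application immediately on failure, so the
#    next line only ever runs for a password that has just been verified.
auth  requisite  pam_unix.so

# 2. The mirror module re-hashes that password with DES crypt(3) and writes
#    the entry to the passwd-format copy.
#    use_first_pass: do not prompt again, take the password obtained by the
#                    preceding auth module (see the quoted Linux-PAM text).
#    optional:       an error while writing the copy does not affect the
#                    login result, so a full disk cannot lock users out.
auth  optional   pam_desmirror.so use_first_pass file=/etc/passwd.des

# The copy holds password hashes and needs the same protection as
# /etc/shadow: owner root, mode 0600. Traditional DES crypt(3) only uses the
# first 8 characters of the password, so these hashes are weaker than the
# MD5 originals and should exist only for the duration of the migration.
```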