We have an old RH7.3 server that holds all of our user accounts. I'm in the process of upgrading everything to FC10 and looking at /etc/shadow I'm noticing some differences in the way the passwords are encrypted/stored.
RH7.3's string looks like this: $1$9cgDnjV/$SLqsoxfwr6tr3o7QkdQ3j1
Whereas FC10 looks like:
$6$KS2xrBPJ$jXiz1pE9Lpcb8sSSU0ZHifeN9wBwc.k7GdWO4KIJ3F2JqEw/1mD7bPO6b4jvRXiyXrQn0noWPfs.0h6/tjKbe0
I tried simply copying the old shadow file to a new FC10 server and it seems to work just fine, however I wonder if I'm not breaking something else by doing that. So, what's the proper way to do this? I really don't want to have to reset everyone's password (at least not till they reach their forced expiration.)
Thanks.
-- A
Ashley M. Kirchner wrote:
We have an old RH7.3 server that holds all of our user accounts.I'm in the process of upgrading everything to FC10 and looking at /etc/shadow I'm noticing some differences in the way the passwords are encrypted/stored.
Different hashing algorithms. (The new one is more secure.)
I tried simply copying the old shadow file to a new FC10 server andit seems to work just fine, however I wonder if I'm not breaking something else by doing that. So, what's the proper way to do this? I really don't want to have to reset everyone's password (at least not till they reach their forced expiration.)
There's no way to convert the passwords automatically as the hashes used are not reversible by design (otherwise it would just be cheap obfuscation and add no real security).
Kevin Kofler
Kevin Kofler wrote:
There's no way to convert the passwords automatically as the hashes used are not reversible by design (otherwise it would just be cheap obfuscation and add no real security).
Considering the old method seems to work just fine on FC10, what could I be breaking if I just do that? Do a clean FC10 install, then recover the pertinent files from backup, including that /etc/shadow file which has everyone's current passwords.
Sooner or later, everyone will have their password expire and it becomes a moot point, but till then, can I expect things to run fine?
Ashley M. Kirchner wrote:
Kevin Kofler wrote:
There's no way to convert the passwords automatically as the hashes used are not reversible by design (otherwise it would just be cheap obfuscation and add no real security).
Considering the old method seems to work just fine on FC10, what could I be breaking if I just do that? Do a clean FC10 install, then recover the pertinent files from backup, including that /etc/shadow file which has everyone's current passwords.
Sooner or later, everyone will have their password expire and it becomes a moot point, but till then, can I expect things to run fine?
Beware the use of the new password scheme if this is a NIS master server and you have any NIS clients that aren't RH/Fedora (recent) machines. I have a mixed bag of AIX, SunOS (8 and 10), and Linux (old RH and newer Fedora) and I had to force the use of the old password algorithms as SunOS 8 and older AIX can't handle the new scheme.
Kevin
Kevin Martin wrote, On 02/03/2009 10:25 AM:
Ashley M. Kirchner wrote:
Kevin Kofler wrote:
There's no way to convert the passwords automatically as the hashes used are not reversible by design (otherwise it would just be cheap obfuscation and add no real security).
Considering the old method seems to work just fine on FC10, what could I be breaking if I just do that? Do a clean FC10 install, then recover the pertinent files from backup, including that /etc/shadow file which has everyone's current passwords.
Sooner or later, everyone will have their password expire and it becomes a moot point, but till then, can I expect things to run fine?
Beware the use of the new password scheme if this is a NIS master server and you have any NIS clients that aren't RH/Fedora (recent) machines. I have a mixed bag of AIX, SunOS (8 and 10), and Linux (old RH and newer Fedora) and I had to force the use of the old password algorithms as SunOS 8 and older AIX can't handle the new scheme.
Kevin
Ashley should also be aware that (at least in my experience), NIS/yppasswd/passwd will use the type of password last set for the user. i.e., when we got rid of our last SunOS box, I had to remove each user's password and have them immediately set a new one, specifically using the `passwd` program to get into the md5sum schema, so it may not be as easy as letting everyone's passwords expire.
Hi,
I accidentally deleted the NetworkManager Applet from my task bar. How do I get it back and is there a method to start networking from the command line.
James
- start nm daemon
# /etc/init.d/NetworkManager start
- add to system startup
# chkconfig NetworkManager on
Regards,
- - iarly selbir ( ski0s )
:wq!
On Tue, Feb 3, 2009 at 1:17 PM, James Harrison <jamesaharrisonuk@yahoo.co.uk
wrote:
Hi,
I accidentally deleted the NetworkManager Applet from my task bar. How do I get it back and is there a method to start networking from the command line.
James
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
This happens by default. None of this has changed, its just the small icon in the task bar
________________________________ From: iarly selbir iarlyy@gmail.com To: "Community assistance, encouragement, and advice for using Fedora." fedora-list@redhat.com Sent: Tuesday, February 3, 2009 11:25:21 AM Subject: Re: I lost the NetworkManager Applet
- start nm daemon
# /etc/init.d/NetworkManager start
- add to system startup
# chkconfig NetworkManager on
Regards,
- - iarly selbir ( ski0s )
:wq!
On Tue, Feb 3, 2009 at 1:17 PM, James Harrison jamesaharrisonuk@yahoo.co.uk wrote:
Hi,
I accidentally deleted the NetworkManager Applet from my task bar. How do I get it back and is there a method to start networking from the command line.
James
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
James Harrison wrote:
This happens by default. None of this has changed, its just the small icon in the task bar
You can run nm-applet to restart the applet.
Also, please check the list guidelines. Both top-posting and replying to an existing message to start a new thread are discouraged.
http://fedoraproject.org/wiki/Communicate/MailingListGuidelines#top http://fedoraproject.org/wiki/Communicate/MailingListGuidelines#newsubject
Thanks for that. I think I tried that though.
I will try it again tonight.
Sorry for using an old message to start my message.
________________________________ From: Todd Zullinger tmz@pobox.com To: fedora-list@redhat.com Sent: Tuesday, February 3, 2009 11:36:39 AM Subject: Re: I lost the NetworkManager Applet
James Harrison wrote:
This happens by default. None of this has changed, its just the small icon in the task bar
You can run nm-applet to restart the applet.
Also, please check the list guidelines. Both top-posting and replying to an existing message to start a new thread are discouraged.
http://fedoraproject.org/wiki/Communicate/MailingListGuidelines#top http://fedoraproject.org/wiki/Communicate/MailingListGuidelines#newsubject
On 2/3/09, James Harrison jamesaharrisonuk@yahoo.co.uk wrote:
This happens by default. None of this has changed, its just the small icon in the task bar
From: iarly selbir iarlyy@gmail.com To: "Community assistance, encouragement, and advice for using Fedora." fedora-list@redhat.com Sent: Tuesday, February 3, 2009 11:25:21 AM Subject: Re: I lost the NetworkManager Applet
- start nm daemon
# /etc/init.d/NetworkManager start
- add to system startup
# chkconfig NetworkManager on
Is nm-applet still running? You can determine whether nm-applet is running by typing "ps aux | grep nm-applet". If that command only returns "grep nm-applet" as the only running process, nm-applet can be restarted by typing "nm-applet &" from the command line.
Rod
I just got home. It is running nm-applet is running but no icon. I tried restarting NetworkManager. Still no icon
I got it back, but by a fluke. I right clicked on the panel at the top of the screen and "Add to panel..." I selected the "Notification area..." Icon in the list and the NetworkManager Icon reappeared.
James
________________________________ From: Rodney Morris rodamorris@gmail.com To: "Community assistance, encouragement, and advice for using Fedora." fedora-list@redhat.com Sent: Tuesday, February 3, 2009 11:37:50 AM Subject: Re: I lost the NetworkManager Applet
On 2/3/09, James Harrison jamesaharrisonuk@yahoo.co.uk wrote:
This happens by default. None of this has changed, its just the small icon in the task bar
From: iarly selbir iarlyy@gmail.com To: "Community assistance, encouragement, and advice for using Fedora." fedora-list@redhat.com Sent: Tuesday, February 3, 2009 11:25:21 AM Subject: Re: I lost the NetworkManager Applet
- start nm daemon
# /etc/init.d/NetworkManager start
- add to system startup
# chkconfig NetworkManager on
Is nm-applet still running? You can determine whether nm-applet is running by typing "ps aux | grep nm-applet". If that command only returns "grep nm-applet" as the only running process, nm-applet can be restarted by typing "nm-applet &" from the command line.
Rod
On Wed, 2009-02-04 at 01:54 +0000, James Harrison wrote:
I just got home. It is running nm-applet is running but no icon. I tried restarting NetworkManager. Still no icon
I got it back, but by a fluke. I right clicked on the panel at the top of the screen and "Add to panel..." I selected the "Notification area..." Icon in the list and the NetworkManager Icon reappeared.
James
So you must have killed the whole notification area. That would have taken out the power icon and the Bluetooth icon (if you had it) and some others as well (root auth, setroubleshooter, updates, etc).
Kevin Kofler wrote:
Ashley M. Kirchner wrote:
We have an old RH7.3 server that holds all of our user accounts.I'm in the process of upgrading everything to FC10 and looking at /etc/shadow I'm noticing some differences in the way the passwords are encrypted/stored.
Different hashing algorithms. (The new one is more secure.)
I tried simply copying the old shadow file to a new FC10 server andit seems to work just fine, however I wonder if I'm not breaking something else by doing that. So, what's the proper way to do this? I really don't want to have to reset everyone's password (at least not till they reach their forced expiration.)
There's no way to convert the passwords automatically as the hashes used are not reversible by design (otherwise it would just be cheap obfuscation and add no real security).
Kevin Kofler
You could always try expiring the password early. Try it with your own password, and see if changing it converts it to the new hash... I seam to remember reading something about that working, but I am a bit hazy about it.
Mikkel
-
Ashley M. Kirchner -
iarly selbir -
James Harrison -
Kevin Kofler -
Kevin Martin -
Matthew Saltzman -
Mikkel -
Rodney Morris -
Todd Denniston -
Todd Zullinger