Password encryption - migration user accounts from SuSe to RedHat

brusell · June 7, 2013, 8:03am

Hello guys,
I'm currently working on replacing old server and it's migration from SuSe

SUSE Linux Enterprise Server 10 (x86_64)
VERSION = 10
PATCHLEVEL = 4

to the RedHat

Red Hat Enterprise Linux Server release 6.4 (Santiago)

Problem seems be in migration of users passwords, respectively in password encryption.

On SuSe is used des encryption

cat /etc/default/passwd | grep CRYPT
CRYPT=des

but in /etc/shadow I see:

user1:$1$gDXlJQcH$1Z5otL/07nPZJtF8VVaGY0:15552:1:93:7:::
user2:$2a$04$Osw2KnOXMJjDvYuvtoJAked1cnjXBF3RRpJhqmi21.C1nQrQ89jNi:15580::::::

So it looks that some from passwords are encrypted with MD5, and some of them with Blowfish. Is my suggestion right??

While RedHat is using SHA512

cat /etc/login.defs | grep CRYP
ENCRYPT_METHOD SHA512
MD5_CRYPT_ENAB no

I would like ask if is possible to convert current passwords from MD5 and Blowfish to the SHA512 and use them directly on new RedHat server??

Many thanks for hints.

cjcox · June 7, 2013, 12:01pm

You can't convert. Just wipe out the password and reset them on the Red Hat side. You can also pre-generate the SHA512 hash if you want and fill that in (e.g. you might do this for root). Alternatively you could try to match up auth hash support, but since there were some bugs notably in blowfish... that might be harder than it sounds.

Corona688 · June 7, 2013, 12:49pm

Agreed, you can't convert. The entire point of keeping passwords in hashes is because you cannot reverse them. You can only compare a hash to another hash.