Linux Shadow File

[-(Xyphox)-]

Hey Everyone,
I am working on a new email server converting from a old system to a new system
The UserName's and Passwords are stored in a shadow file right now that is encrypted.
Anyone know how i can do uncrypt them so i can merge them over.
I am using Debian 4.0

 

[inotocracy]

The shadow file is generated using a salt, which will vary per distro (IIRC). Your best bet would be to get a password cracker (like john the ripper) and go to town on it. Alternatively, you could just paste in the user's lines from the old shadow file and see if it works, and it might if the distro is the same.

 

[-(Xyphox)-]

The shadow file is generated using a salt, which will vary per distro (IIRC). Your best bet would be to get a password cracker (like john the ripper) and go to town on it. Alternatively, you could just paste in the user's lines from the old shadow file and see if it works, and it might if the distro is the same.

The copy from one to another will not work. Imap using plain text so it will not work. I need to get the crypted file to plain text.

 

[BillLeeLee]

The passwords are salted and then run through a one-way hash, directly attempting to reverse the password could take a while.

You just want to migrate account information to the new server:

http://www.debian-administration.org/articles/272
https://www.linuxquestions.org/ques...g-users-from-one-linux-box-to-another-394669/
https://www.linuxquestions.org/ques...ing-users-from-one-linux-server-to...-153506/

In the future, you might want to look into either NIS or LDAP.

 

[-(Xyphox)-]

We are going from Squirl Mail to Zimbra.
Zimbra is on Ubuntu
To migrate over we need the file to be in plain text

 

[Xipher]

Might as well just have people generate a new password. Any one who used a decent password may force you to go the brute force route, and that will take years if you ever get it.

 

[-(Xyphox)-]

Might as well just have people generate a new password. Any one who used a decent password may force you to go the brute force route, and that will take years if you ever get it.

I wanted to do this without having all the user's re do their passwords. I could change everyone's password but did not want to have to do that.. So there is no way to decrypt the file?

 

[PanzerBoxb]

No, there is no practical way to decrypt the existing passwords.

 

[SpaceHonkey]

No, there is no practical way to decrypt the existing passwords.

It's a feature - not a bug

 

[Xipher]

I wanted to do this without having all the user's re do their passwords. I could change everyone's password but did not want to have to do that.. So there is no way to decrypt the file?

For security reasons it's a 1 way hash just to make it difficult to do that very thing. If it was a 2 way encryption it would make password cracking far too easy.

I will reiterate, the passwords are not "encrypted" they are hashed. This is a 1 way street, you don't decrypt them.
Verification actually hashes the input to check if it matches and if so has confirmed the password.

Either figure out how to use md5hashes for your users passwords or have them generate new ones.

 

[-(Xyphox)-]

any other thoughts?

 

[eloj]

If the old system is in use, you can modify it to record the plaintext passwords that pass.

I do however consider this a bad idea. You've already been given the correct solution; new system, new passwords.