Linux Shadow File

-(Xyphox)-

Supreme [H]ardness
Joined
Sep 9, 2004
Messages
6,518
Hey Everyone,
I am working on a new email server converting from a old system to a new system
The UserName's and Passwords are stored in a shadow file right now that is encrypted.
Anyone know how i can do uncrypt them so i can merge them over.
I am using Debian 4.0
 

inotocracy

Supreme [H]ardness
Joined
Jul 25, 2004
Messages
5,625
The shadow file is generated using a salt, which will vary per distro (IIRC). Your best bet would be to get a password cracker (like john the ripper) and go to town on it. Alternatively, you could just paste in the user's lines from the old shadow file and see if it works, and it might if the distro is the same.
 

-(Xyphox)-

Supreme [H]ardness
Joined
Sep 9, 2004
Messages
6,518
The shadow file is generated using a salt, which will vary per distro (IIRC). Your best bet would be to get a password cracker (like john the ripper) and go to town on it. Alternatively, you could just paste in the user's lines from the old shadow file and see if it works, and it might if the distro is the same.

The copy from one to another will not work. Imap using plain text so it will not work. I need to get the crypted file to plain text.
 

BillLeeLee

[H]F Junkie
Joined
Jul 2, 2003
Messages
13,486

-(Xyphox)-

Supreme [H]ardness
Joined
Sep 9, 2004
Messages
6,518
We are going from Squirl Mail to Zimbra.
Zimbra is on Ubuntu
To migrate over we need the file to be in plain text
 

Xipher

2[H]4U
Joined
Mar 15, 2004
Messages
2,621
Might as well just have people generate a new password. Any one who used a decent password may force you to go the brute force route, and that will take years if you ever get it.
 

-(Xyphox)-

Supreme [H]ardness
Joined
Sep 9, 2004
Messages
6,518
Might as well just have people generate a new password. Any one who used a decent password may force you to go the brute force route, and that will take years if you ever get it.

I wanted to do this without having all the user's re do their passwords. I could change everyone's password but did not want to have to do that.. So there is no way to decrypt the file?
 

Xipher

2[H]4U
Joined
Mar 15, 2004
Messages
2,621
I wanted to do this without having all the user's re do their passwords. I could change everyone's password but did not want to have to do that.. So there is no way to decrypt the file?

For security reasons it's a 1 way hash just to make it difficult to do that very thing. If it was a 2 way encryption it would make password cracking far too easy.

I will reiterate, the passwords are not "encrypted" they are hashed. This is a 1 way street, you don't decrypt them.
Verification actually hashes the input to check if it matches and if so has confirmed the password.

Either figure out how to use md5hashes for your users passwords or have them generate new ones.
 

eloj

2[H]4U
Joined
Dec 31, 2000
Messages
3,612
If the old system is in use, you can modify it to record the plaintext passwords that pass.

I do however consider this a bad idea. You've already been given the correct solution; new system, new passwords.
 
Top