System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

How can I migrate user accounts from HP-UX 11iv2 to Red Hat Enterprise 5?

SOLVED
Go to solution

How can I migrate user accounts from HP-UX 11iv2 to Red Hat Enterprise 5?

We are currently testing the technical viability of utilising Red Hat 5 EL as a replacement for one of our HP-UX 11iV2 IA64 systems.

We have many local user accounts (2000 ish) that we would need to migrate (preferably including passwords) if we choose to take this direction, but I cannot determine how this might be achieved. Any ideas?

Also, the HP-UX OS is running is trusted mode (i.e. with a tcb database) just to make think interesting!


****Please don’t give advise as the pros and cons of HPUX verses RHEL, we have already spent much time investigating this area and the user migration is now our only blind (and untested) spot.****
8 REPLIES

Re: How can I migrate user accounts from HP-UX 11iv2 to Red Hat Enterprise 5?

Just so the search engine picks this one up; Red Hat is the LINUX variant we wish to test migration to.

I forgot to put the word Linux in the forum thread's header.

Aashique
Honored Contributor

Re: How can I migrate user accounts from HP-UX 11iv2 to Red Hat Enterprise 5?

Hi,
Just copy the /etc/passwd and /etc/shadow(if shadow installed) file.

Then in Linux create the user from the /etc/passwd file using awk script.

more /etc/passwd|awk -F":" '{print "mkdir /home/"$1}'>create-home.sh

more /etc/passwd|awk -F":" '{print "chown -R "$1":"$1 " /home/"$1}'>owner-user.sh

Using this format you can create.

Thanks & Regards
Aashique

Re: How can I migrate user accounts from HP-UX 11iv2 to Red Hat Enterprise 5?

Unfortunatly this will not do the trick because I have to consider the /tcb database where HPUX trusted systems keep extended login details. There is no /etc/shadow login.

Also HPUX and Linux assign different UIDs to systems users, hence I cannot simply copy over /etc/passwd and /etc/group.

Re: How can I migrate user accounts from HP-UX 11iv2 to Red Hat Enterprise 5?

Look into using the Redhat Linux utility

newusers

Also you could set the password to be changed at first login so the user could choose their own password again

http://kbase.redhat.com/faq/FAQ_43_4400.shtm

Re: How can I migrate user accounts from HP-UX 11iv2 to Red Hat Enterprise 5?

That looks very hopeful (newusers command), thanks Jo.

Now can anyone advise me how I might get the passwords (and other relevand data) our of the /tcb database on HPUX in a form that Red Hat Linux's newuser command will understand?

Thanks all for your contributions.

Heironimus
Honored Contributor
Solution

Re: How can I migrate user accounts from HP-UX 11iv2 to Red Hat Enterprise 5?

I'm not sure about the other attributes (expirations and such), but I may be able to shed a little light on the passwords. Trusted mode in HP-UX uses "bigcrypt" as its password hash. The pam_unix version on newer RHEL releases claims that it can recognize bigcrypt hashes. You should be able to use the hashes directly from HP's /tcb files. newusers looks like it wants a cleartext password, so you'd want to supply a dummy password and then use usermod to replace the hash (or script useradd instead of newusers).

Assuming that works, your next decision needs to be your permanent password hash. I think the typical default setup on current Linux systems will update the password hash to md5 on the next password change. You'll have to pull out your crystal ball and take a guess on what future migrations you might need - for example, I think HP-UX can use bigcrypt and not md5, but a lot of LDAP servers can use md5 and not bigcrypt.

Re: How can I migrate user accounts from HP-UX 11iv2 to Red Hat Enterprise 5?

Thanks, that's really useful information. Unfortunatly (well perhaps not) I'm off for a few days now and so will not be able to test until Wednesday.

Thanks again all.

Re: How can I migrate user accounts from HP-UX 11iv2 to Red Hat Enterprise 5?

All going. Thank you all for your help.

Here is the quick script (to be executed on our HP-UX OS) I've created that spits out the Linux commands to create the users as we want them to be:

#!/usr/bin/ksh
################################################################################
# Author: Ivan Delany #
# Created: 18 April 2008 #
# #
# Modification history: #
# #
# #
# Description: #
# Creates useradd commands to migrate all normal Fiscal users to Linux #
# #
# #
################################################################################

#Select all BDL users (not 3rd party users)

for user in `logins|awk '{print $1}'`
do

if ((`groups $user|grep bdc|wc -l` ==1)) then

#Verify user uid is above 501 and is not already in TTWORK group

if ((`id -u $user` > 501))
then
userprigroup=`id -nG $user|awk '{printf $1}'`
usergroups=`id -nG $user|awk '{for (i=2; i<=NF; i++) if (i == NF) printf $i ; else printf $i","}'`
comment=`cat /etc/passwd|awk -F":" -v userawk=$user '{if ($1 == userawk) print $5}'`
uid=`cat /etc/passwd|awk -F":" -v userawk=$user '{if ($1 == userawk) print $3}'`

# Get encrypted password from tcb database

firstchar=`echo $user|cut -c1-1`
password=`grep u_pwd /tcb/files/auth/$firstchar/$user`
password=${password#*=}
password=${password%:*}

if [[ $usergroups = "" ]]
then
echo "useradd -u $uid -s /bin/ksh -g $userprigroup -d /home/uvdls -c \"$comment\" -p $password $user"
else
echo "useradd -u $uid -s /bin/ksh -g $userprigroup -G $usergroups -d /home/uvdls -c \"$comment\" -p $password $user"
fi
echo "chage -d 0 $user"
fi
fi
done