System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Moving users password from 2 trusted system

Kurt Aguiluz
Occasional Visitor

Moving users password from 2 trusted system

Hi,

We're curretly migrating all our production server users to a new server and both machines are already converted to "trusted system". The production machines runs on hpux 11.11 while the new server runs on hpux 11.23.

My question is, how do I transfer all our users with current password to the new machine? Is there a way we can retain their current password on the machine?

Any guides or instructions will be greatly appreciated.

Thanks
6 REPLIES
Steven E. Protter
Exalted Contributor

Re: Moving users password from 2 trusted system

Shalom,

Transfer all the files in /tcb folder. That will do the job.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Tim Nelson
Honored Contributor

Re: Moving users password from 2 trusted system

I second SEP's suggestion.

on source:
tar cvf pass.tar /tcb/files/auth

ftp pass.tar to destination

on destintation:
tar xvf pass.tar

***beware this will also include root's password, policy defaults, and individuals policies and expirations.

Jim Walls
Trusted Contributor

Re: Moving users password from 2 trusted system

Transferring the entire /tcb database is not a good idea. It will include root
and all the other "system" accounts that already exist in the new server. You
also need to capture the contents of /etc/passwd and /etc/group as well.

A better approach is to:
1. reconcile /etc/group between the two systems
2. make a list of the candidate users, their default groups
and other details from /etc/passwd on the source server

3. use this list to create the users in the target server
useradd -m -g -c "name, phone etc" -s

4. fix up any additional group memberships
id # on the source server tells you the groups

5 use the list to locate the /tcb/files/auth/... file
for each user:
Extract the encrypted password from the file:
(grep :u_pwd= /tcb/files/auth/?/ | cut -f2 -d= | cut -f1 -d:)

6 use the same list to fix up the passwords and unlock
each user on the target server:
/usr/sam/lbin/usermod.sam -p
/usr/lbin/modprpw -v # resets password expiry
/usr/lbin/modprpw -k # ensure user is unlocked

This process may appear to be long and laborious but it is easily scripted and
using ssh, the whole process can be controlled from the source server. The main
consideration is that only the appropriate tools are used to set up the users on the new server.

Good luck ;O)
Johnson Punniyalingam
Honored Contributor

Re: Moving users password from 2 trusted system

>>>My question is, how do I transfer all our users with current password to the new machine? Is there a way we can retain their current password on the machine?<<<<<<<<<<

As mentioned by >>SEP<<

if the System is trusted. "User passwords are stored under /tcb/file/auth/
make sure you copy /etc/passwd /etc/group file from (Old Server to New Server)

from Production Server HPUX 11.11

To create a tar you can use

# tar -cvf destination(tcb.tar) source(/tcb)

ftp /scp/sftp "tcb.tar" file to New Server HPUX 11.23

to untar you can use

# tar -xvf destination(path of new dir) source(tcb.tar)

# /usr/lbin/modprpw -V

NOTE: That is a capital V not lowercase v.

this will enable all the accounts


Problems are common to all, but attitude makes the difference
Kapil Jha
Honored Contributor

Re: Moving users password from 2 trusted system

other system(bin etc) users are there only to support there fucntion, they are NOT used to log in server so I suppose there is no need to go to the long process [ALTHOUGH that process explains if you have to move only a couple of account], since its a new system you can move all the files to new one and unlock.

BR,
Kapil+
I am in this small bowl, I wane see the real world......
Kurt Aguiluz
Occasional Visitor

Re: Moving users password from 2 trusted system

Hi,

Thank you so much to all your replies. What I did is just copy /etc/passwd, /etc/group on the new server, convert the system to trusted and then extract the tcb tar on the new server. Just make sure that you have another root account open on a separate window. Will go from here and see what other things it may result. Thanks Again

Kurt