I am writing this blog for the audience who want to migrate OS users along with SAP Application, DB from one source OS environment to different OS environment. Like we migrated all SAP systems running on RHEL6.1 in source and RHEL8.2 in target.
Below steps need to be performed so that OS users can be migrated to target without the loss of passwords.
Back up these files: as they are very important for OS operations
/etc/pam.d/system-auth
/etc/libuser.conf
/etc/login.defs
/etc/shadow
- Run these commands to assign edit permissions to the system-auth, conf, and login.defs files:
cd /etc
chmod 644 pam.d/system-auth
chmod 644 libuser.conf
- Open the /etc/pam.d/system-auth file using a text editor.
- Search for the password sufficient entry in the file, similar to:password sufficient /lib/security/$ISA/pam_unix.so use_authtok nullok shadow
- Replace the existing hash key (md5, des, or sha256) with md5 or append md5, if there is no existing key. For example:password sufficient /lib/security/$ISA/pam_unix.so use_authtok nullok shadow md5
- Open the /etc/libuser.conf file using a text editor.
Change crypt_style = sha512 to crypt_style = md5
- Open the /etc/login.defsfile using a text editor
Add MD5_CRYPT_ENAB yes
Change ENCRYPT_METHOD to MD5
- Change the permission back to original
chmod 444 pam.d/system-auth
chmod 444 libuser.conf
chmod 444 login.defs
8. Last step would be to copy users from /etc/passwd file and passwords from /etc/shadow file. Testing can be done by using same password to log in on new server.
Conclusion:
This method is tested and verified that Higher linux version can support old password encryption algorithm. Above steps will reduce the work of recreation of 1000+ local OS users in new server environment. End users can still login to their server using same DNS name using same passwords.
Kindly provide your kind feedback and suggestions in comment section.
