Aix Password Migration from 4.3 to 5.2


mark....@gmail.com

Jun 29, 2006, 11:37:52 AM
I have a list of 500+ users and when I move them to the new machine I
want them to keep the same password. I was hoping to copy over the
passwd files to the new machine but it turns out the encryption of the
password is different. Does anyone know a solution to this issue?

Hajo Ehlers

Jun 29, 2006, 11:57:09 AM

I never heard of a change in the password encryption. But I would not
copy the file because on AIX 5.2 you might have new system accounts
(maybe or not).

Best would be to write a script that gets the old user & password
relationship and use the chpasswd command to change the user accounts.

AIX 4.3
cat /MyOld/etc/security/passwd | egrep ":$|password|^$"|\
awk 'BEGIN { RS="" } ($4 != "*" ) { print $1$4 }' > password.list

AIX 5.2
cat password.list | chpasswd

hth
Hajo

Message has been deleted

a...@mail.com

Jun 29, 2006, 2:36:50 PM


uuhh.. never mind the message that I just removed...
anyhow... add '-e' to chpasswd for using the encrypted passwd.

but I've never seen any problems with directly copying the files
between machines..
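
The approach from the two posts above (pull user and hash pairs out of the old /etc/security/passwd, then feed them to `chpasswd -e` on the new host), as an added example that is not part of the thread. The function names and the sample stanzas are constructed, and the 13-character check assumes the old host stores traditional crypt(3) hashes; entries that do not fit are held back for review instead of being imported.

```shell
#!/bin/sh
# Added example, not from the thread. Sample stanzas and hashes are constructed.
# extract_hashes STANZA_FILE OUT_FILE
#   Writes "user:hash" lines (input for `chpasswd -e`) to OUT_FILE, mode 0600.
#   Prints "kept=N skipped=N nonstd=N" on stdout; names to review go to stderr.
extract_hashes() {
    src=$1; out=$2
    ( umask 077; rm -f "$out"; : > "$out" ) || return 1
    awk -v out="$out" '
        # Stanza header: "username:" starting in column 1
        /^[^ \t#*][^:]*:[ \t]*$/ { user = $1; sub(/:$/, "", user); next }
        # "password = value" attribute of the current stanza
        $1 == "password" && $2 == "=" && user != "" {
            hash = $3
            if (hash == "" || hash == "*") {
                skipped++          # no password set, or login disabled
            } else if (length(hash) != 13 || hash !~ "^[./0-9A-Za-z]+$") {
                nonstd++           # not a 13-character crypt(3) string: hold back
                print "review: " user > "/dev/stderr"
            } else {
                print user ":" hash >> out
                kept++
            }
            user = ""
        }
        END { printf "kept=%d skipped=%d nonstd=%d\n", kept, skipped, nonstd }
    ' "$src"
}
# write_sample FILE: constructed input in /etc/security/passwd stanza layout
write_sample() {
    cat > "$1" <<'EOF'
root:
        password = aB3dE5gH7jK9m
        lastupdate = 1151500000
        flags =

daemon:
        password = *

alice:
        password = Xy./12abCDefG

bob:
        password =

carol:
        password = shortHash
EOF
}
```

On the old host this would be called as `extract_hashes /etc/security/passwd password.list`; the list holds password hashes, so it is created readable by its owner only and should be removed after `chpasswd -e < password.list` has run on the new host.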

damboni

Jun 30, 2006, 4:02:58 AM
Remove the encryption first, copy the /etc/passwd to the new machine
and encrypt it back

man pwconv

man pwunconv

check /etc/security, there are a few things to be done there as well.

There are a lot of nice posts in this group regarding migration

http://groups.google.com/group/comp.unix.aix/search?group=comp.unix.aix&q=user+migration&qt_g=1&searchnow=Search+this+group


hth

Bela

Jun 30, 2006, 6:22:28 AM
damboni <aleksandar...@gmail.com> wrote:
d> Remove the encryption first, copy the /etc/passwd to the new machine
d> and encrypt it back
d>
d> man pwconv
d> man pwunconv
d>

Which fileset has these commands?
On AIX 4.3/5.3 whichlpp and which_fileset turn up nothing; I suspect it's
a Linux thing.

--
"... I shook my family tree, and a bunch of NUTS fell out ..."

0xDEADABE

Jun 30, 2006, 6:24:47 PM
I did this back in January. I made sure that I removed duplicate system
accounts from /etc/passwd and /etc/security/passwd. I copied over the
home directories, appended the user accounts on to the above files from
the differences, and discovered that I had serious problems with my
non-default rules. I didn't do the same thing with
/etc/security/lastlog. I had to loosen up my rules temporarily and let
the lastlog get re-populated with all of the users' activity, then I
tightened it back up again. I haven't tried this by gleaning the old
lastlog, but just as a vote for "it can be done that way", you would
need to be mindful of this. So, it can be done, but think it through.
This was a no-brainer on an SVR4-based UNIX, it isn't so pretty on AIX.

RV

Jul 7, 2006, 8:16:16 AM

I've done it before without any problems (moving users from AIX 4.3.3 to
AIX 5.3 actually). The big things to remember are that if the user already
exists on the 5.3 box it can get messy and, as mentioned, try to keep your
security settings the same between the 5.x box and 4.3.3 box when you
transfer the accounts. I even wrote a script to package up all the users
from the old box and then "add" them onto the new box.

I have included the scripts in the message as I'm not able to get at the
source files at the moment (to attach). It's not pretty, but it has
worked for me without any complaints (or at least none that I have been
informed of).

YMMV

This is the script that packages up the accounts:

#!/bin/ksh
TMPDIR=/tmp
DATA=/usr/local/adm/bin/usertrans1.data    # one user name per line
# The work directory will hold password hashes: keep it private to root
umask 077
# Initial setup
rm -Rf $TMPDIR/usertrans
mkdir $TMPDIR/usertrans
cp /dev/null $TMPDIR/usertrans/user.list 2> /dev/null

# - Grab group information (listing of all groups users belong to)
grep -f $DATA /etc/group | awk -F: '{print $1":"$3}' > $TMPDIR/usertrans/groups.data
# - Read in each user
cat $DATA | while read u1; do
    # - Verify that each user has its group (and no double listings)
    grep $u1 /etc/group | awk -F: '{print $1, $3}' | while read x1 x2; do
        if [[ -z "`grep -x $x1:$x2 $TMPDIR/usertrans/groups.data`" ]]
        then
            echo "$x1:$x2" >> $TMPDIR/usertrans/groups.data
        fi
    done
    # - Read in id and other information
    lsuser -a id pgrp groups $u1 | read t1 t2
    # - Read in group information
    lsuser -a pgrp groups $u1 | read gr1 gr2
    # - Set the input field separator
    IFS=:
    # - Read in the home directory and gecos fields
    lsuser -c -a gecos home $u1 | grep -v ^# | read g1 g2 g3
    unset IFS
    # - Only tar up /home directories, tar up only "dot" files for non /home
    if [[ -n "`echo $g3 | grep /home`" ]]
    then
        tar -cdvf $TMPDIR/usertrans/$u1.tar $g3
    else
        tar -cdvf $TMPDIR/usertrans/$u1.tar $g3/.[a-z]*
    fi
    lsuser -a admin $u1 | read a1 a2
    # - Read in the shell
    lsuser -a shell $u1 | read s1 s2
    if [[ $s2 = "shell=/bin/csh" ]] || [[ $s2 = "shell=/usr/bin/csh" ]]
    then
        SHELL=$s2
    else
        SHELL=""
    fi
    # - Copy this user's stanzas; anchor on "name:" at the start of a line so
    #   a name that is part of another name does not pull in the wrong stanza
    grep -p "^$u1:" /etc/security/passwd > $TMPDIR/usertrans/$u1.psw
    grep -p "^$u1:" /etc/security/user > $TMPDIR/usertrans/$u1.user
    grep -p "^$u1:" /etc/security/limits > $TMPDIR/usertrans/$u1.limits
    echo "chuser $gr2 $u1" > $TMPDIR/usertrans/$u1.chuser
    # - Write the mkuser command that will recreate the account on the target
    case $a2 in
        admin=false ) echo "mkuser $t2 $SHELL gecos=\"$g2\" home=\"$g3\" $u1" > $TMPDIR/usertrans/$u1.mkuser
            ;;
        admin=true ) echo "mkuser -a $t2 $SHELL gecos=\"$g2\" home=\"$g3\" $u1" > $TMPDIR/usertrans/$u1.mkuser
            ;;
    esac
    chmod +x $TMPDIR/usertrans/$u1.mkuser
    echo $u1 $g3 >> $TMPDIR/usertrans/user.list
done
tar -cvf $TMPDIR/usertrans.tar -C $TMPDIR usertrans


This is the script that adds them to the target system.

#!/bin/ksh
TMPF=/tmp/usertrans.tar
TMPD=/tmp
# Back up /etc/passwd and /etc/group
cp /etc/passwd /etc/passwd.$$
cp /etc/group /etc/group.$$
# 1. First untar the transferred files
cd $TMPD
tar -xvf $TMPF
rm $TMPF
# Create the groups that users will use.
echo "...Setting up base groups"
awk -F: '{print $1,$2}' $TMPD/usertrans/groups.data | {
    while read t1 t2 ; do
        CMD="mkgroup -A id=$t2"
        CMD=$CMD" $t1"
        $CMD
    done
}
cat $TMPD/usertrans/user.list | while read u1 u2; do
    # 1. Check if user is already on system (match the whole name field)
    if grep "^$u1:!:" /etc/passwd > /dev/null 2>&1
    then
        echo "User - $u1 already exists"
        echo "....Checking home directory"
        echo "....Backing up possibly newer system profiles"
        tar -cvf $TMPD/$$.tar -C $u2 .cshrc .dtlogin .dtprofile .kshrc .login .logout .profile
        echo "....untarring the transferred datafiles"
        tar -xvf $TMPD/usertrans/$u1.tar
        echo "....untarring the possibly newer system profiles"
        cd $u2
        tar -xvf $TMPD/$$.tar
        rm $TMPD/$$.tar
    else
        echo "User - $u1 doesn't exist"
        echo "....untarring the transferred datafiles"
        tar -xvf $TMPD/usertrans/$u1.tar
        echo "....Adding user's password information"
        cat $TMPD/usertrans/$u1.psw >> /etc/security/passwd
        cat $TMPD/usertrans/$u1.psw >> /etc/security/opasswd
        cat $TMPD/usertrans/$u1.user >> /etc/security/user
        cat $TMPD/usertrans/$u1.limits >> /etc/security/limits
        echo "....Adding user"
        $TMPD/usertrans/$u1.mkuser
        echo "....Enabling user"
        # Change the password field of this user's /etc/passwd line from "*"
        # to "!" so the hash in /etc/security/passwd is used; [*] is a literal
        # asterisk and ^ keeps the edit on this user's line only
        echo "1" > $TMPD/ex.$$
        echo "g/^$u1:[*]:/s/[*]/!/" >> $TMPD/ex.$$
        echo "wq" >> $TMPD/ex.$$
        ex /etc/passwd < $TMPD/ex.$$
        rm $TMPD/ex.$$
    fi
done
