
When using the account transfer tool, warn when the password hash contains an underscore

Monarobase shared this idea 10 years ago
Completed

On CentOS 5, some password hashes in /etc/shadow and in /home/*/etc/*/shadow contain underscores.


When you transfer an account with a hash that contains an underscore to a CentOS 6 server, the transfer tool detects that the hash is wrong and generates a random password, giving the following warning:

    The “Password” restore module failed because of an error: Failed to change password for “username”: Crypted password may only contain A-Z a-z 0-9 $ . / ! = *

We would like to be warned about this issue before starting the transfers so we can change the user's password and give them a new password before starting the transfer process, so that the user is able to log in after the transfer.


It's possible to check this with the following commands:


  1. grep "_" /etc/shadow
  2. grep "_" /home/*/etc/*/shadow

When you know about it, it's easy to check, but in order to make the transfer user experience more user friendly, the check could be run automatically before the user launches the transfer, maybe even allowing the user to specify a new password in the transfer tool interface.
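
A stricter form of the check from the post above, as an added example that is not part of the original thread and not cPanel's code: it tests only the crypted password field against the character set quoted in the error message, so an underscore in a user name is not reported. The function names and the sample shadow lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not cPanel code). Flags accounts whose crypted password
# field holds a character outside the set quoted in the restore error:
#   A-Z a-z 0-9 $ . / ! = *

# check_shadow_hashes FILE...
# Prints "file:user:offending-characters" for each flagged account.
# Returns 1 if any account was flagged, 0 if none were.
check_shadow_hashes() {
    [ "$#" -gt 0 ] || { echo "usage: check_shadow_hashes FILE..." >&2; return 2; }
    awk -F: '
        # Skip blank lines, comments and entries with no password field
        $0 == "" || $1 ~ /^#/ || $2 == "" { next }
        {
            bad = $2
            gsub("[A-Za-z0-9$./!=*]", "", bad)   # drop every allowed character
            if (bad != "") {
                printf "%s:%s:%s\n", FILENAME, $1, bad
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$@"
}

# Constructed sample in shadow(5) layout; the hashes are made up.
write_sample_shadow() {
    cat <<'EOF'
alice:$1$abcdefgh$Qw3rTyUiOpAsDfGhJkLzX.:15000:0:99999:7:::
bob_smith:$1$ijklmnop$Zx9cVbNmAsDfGhJkLqWeR/:15000:0:99999:7:::
carol:$1$ab_defgh$Qw3rTyUiOpAsDfGhJkLzX.:15000:0:99999:7:::
dave:!!:15000:0:99999:7:::
erin:*:15000::::::
EOF
}

# On a server, as root, with the paths from the post above:
#   check_shadow_hashes /etc/shadow /home/*/etc/*/shadow
```

On the constructed sample only `carol` is reported; `bob_smith` passes because the underscore is in the user name, not the hash.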

Best Answer

This is now available in 11.48+

Replies (9)

1

We are just going through a CentOS 5 to CentOS 6 migration and getting hit with this. I appreciate your documentation on how to spot the problem before transfers... this will help, even if cPanel does not implement any further assistance with it.

1

We have opened up case 155313 to investigate relaxing the validation to allow underscores to pass through even though they are technically not valid for a salt (http://man7.org/linux/man-pages/man3/crypt.3.html).

2

If they are not valid but would still work, then OK about letting them through. However, if they will cause any compatibility issues with CentOS 6, then we would prefer to have the warning instead of letting them through.

2

The investigation revealed that glibc handles these even though they are technically not documented as such. We will allow them to be restored in 11.48, however we will not create new ones with the underscores.

1

Thanks Nick! By the time 11.48 is out, I'll be done with CentOS 5 migrations... but this will still probably help some folks out there.


- Scott

1

sneader wrote:

Thanks Nick! By the time 11.48 is out, I'll be done with CentOS 5 migrations... but this will still probably help some folks out there.


- Scott

I don't know what your migration schedule is, however 11.48 should be going to CURRENT in the next few days.

1

WOW! Well, then, it WILL help us out! (we're a STABLE shop, but still... there is hope!)


Thanks again! - Scott

1

Nice! We want to migrate a CentOS 5 server to a CentOS 6 server soon too!

1

This is now available in 11.48+
