
I have a problem with migrating local users from Debian 8 to LDAP.

As you know, Debian 6 and above use SHA512 as the standard user password encryption. In the shadow file it shows the password with a "$6" tag at the start.

I use the recommended migrate tool from http://www.padl.com/OSS/MigrationTools.html

But when I try to migrate the user, it gives me

{crypt}x

instead of

{CRYPT}<salt>$<hashed password>

Usually when migrating existing users to LDAP, I migrate users from older Debian (Debian 5 or before), in which the users are encrypted using MD5 with salt. The tools always work with small modifications.

Is there any way for me to migrate local users with SHA512-hashed passwords to LDAP?

Thank you for any help or reply.

J_LDAP

1 Answer

The migrate_passwd.pl only parses the password file you give it as an argument, but this only works for old-style (i.e. non-shadow password) systems. Systems with shadow password files only store an 'x' character in that file; the real password is stored in /etc/shadow.

Looking at the source of that script, it should do this. But, alas, you need to be root to read /etc/shadow and the script silently fails when run without privileges. So, a simple:

sudo ./migrate_passwd.pl /etc/passwd

should fix your problems.

R. Mattes
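The passwd/shadow merge described in the answer, as an added example that is not part of the original post and not MigrationTools code: it builds the userPassword value per account and reports the accounts that would otherwise end up as {crypt}x. The account names and hash strings are constructed placeholders, and the function names are hypothetical.

```python
# Added example. Constructed sample data; the hash strings are placeholders.
PASSWD = """\
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
carol:x:1003:1003:Carol:/home/carol:/bin/bash
"""
SHADOW = """\
alice:$6$examplesalt$EXAMPLEHASHalice:19000:0:99999:7:::
bob:!$6$examplesalt$EXAMPLEHASHbob:19000:0:99999:7:::
"""

# crypt(3) scheme ids as they appear after the first "$" in the hash field.
SCHEMES = {"1": "MD5", "5": "SHA-256", "6": "SHA-512"}


def load_shadow(text):
    """Map login name -> password field from shadow-format text."""
    entries = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and not line.startswith("#"):
            entries[fields[0]] = fields[1]
    return entries


def user_password(name, passwd_field, shadow):
    """Return (userPassword value or None, note) for one account."""
    # An 'x' in passwd means the real hash lives in the shadow file.
    field = shadow.get(name, "x") if passwd_field == "x" else passwd_field
    if field == "x":
        return None, "no shadow entry readable (would migrate as {crypt}x)"
    if field == "" or field[0] in "!*":
        return None, "locked or no password"
    parts = field.split("$")
    if field.startswith("$") and len(parts) >= 4:
        scheme = SCHEMES.get(parts[1], "unknown id " + parts[1])
    else:
        scheme = "traditional DES"
    return "{CRYPT}" + field, scheme


def migrate(passwd_text, shadow_text):
    """Merge passwd and shadow text into {login: (userPassword, note)}."""
    shadow = load_shadow(shadow_text)
    result = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7:
            result[fields[0]] = user_password(fields[0], fields[1], shadow)
    return result
```

Calling migrate(PASSWD, "") models the unprivileged run from the answer: with no shadow data readable, every account comes back flagged instead of silently carrying an 'x'.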