Copying Password Hashes

At work we don’t have central authentication. That is unlikely to change any time soon. My solution for the few Linux-based workstations and laptops is keeping the local /etc authentication files synchronized with respect to the human user accounts.

I knew this strategy worked fine within the same distro. I have been doing this on the home network for many years.

I was a tad uncertain whether the strategy would succeed across distros, specifically for the /etc/shadow password hashes. I wanted to migrate human user account authentication information from Ubuntu 16.04 to Debian 10 systems. While Ubuntu is based on Debian, I have learned with some frustration that Ubuntu often deviates from the parent.

Some testing and reading proved the password hashes migrate across all Linux systems — under certain conditions.

The password hashes are stored in a specific format. While the data fields in the authentication files are delimited by colons (:), the hash field is further delimited with dollar signs ($). The format of the password hash looks like this:

$method$salt$hash

The first field identifies the hashing method used. The second field is a randomly generated salt. The third field is the final hashed result.

Migrating the hashes across systems requires that the method and salt be the same.
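A pre-migration check along these lines, as an added example that is not part of the original post: it parses the `$method$salt$hash` field of each shadow entry and reports which accounts use a method the target system accepts. It goes slightly beyond the three-field case above by keeping optional parameters (such as `rounds=N`) with the salt; the function names, the `TARGET_METHODS` set and the sample entries are assumptions constructed for illustration.

```python
# Added example; the shadow lines below are constructed, not real hashes.
METHOD_NAMES = {"1": "MD5", "5": "SHA-256", "6": "SHA-512", "y": "yescrypt"}

# Assumption: method IDs the target's crypt(3) accepts. Confirm against
# the crypt man pages on the target before relying on this set.
TARGET_METHODS = {"1", "5", "6"}

SAMPLE_SHADOW = """\
alice:$6$Qx8vTzR1$CONSTRUCTEDdigestAAAA:18000:0:99999:7:::
bob:$6$rounds=10000$mN3kLp0s$CONSTRUCTEDdigestBBBB:18000:0:99999:7:::
carol:$y$j9T$c2FsdHNhbHQ$CONSTRUCTEDdigestCCCC:18000:0:99999:7:::
dave:!:18000:0:99999:7:::
"""

def parse_hash_field(field):
    """Split a shadow password field into (method, salt, digest).

    Returns None when the field is not in $method$salt$hash form:
    empty, '*', '!'-prefixed (locked), or legacy hashes without '$'.
    """
    if not field.startswith("$"):
        return None
    parts = field.split("$")[1:]
    if len(parts) < 3 or not all(parts):
        return None
    # Optional parameters (rounds=N, yescrypt cost) stay with the salt.
    return parts[0], "$".join(parts[1:-1]), parts[-1]

def migration_report(shadow_text, target_methods=TARGET_METHODS):
    """Map each user to (status, method name) for the target system."""
    report = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2:
            continue  # blank or malformed line
        parsed = parse_hash_field(fields[1])
        if parsed is None:
            report[fields[0]] = ("skip", None)
            continue
        name = METHOD_NAMES.get(parsed[0], "unknown $" + parsed[0] + "$")
        status = "ok" if parsed[0] in target_methods else "unsupported"
        report[fields[0]] = (status, name)
    return report

if __name__ == "__main__":
    for user, (status, name) in migration_report(SAMPLE_SHADOW).items():
        print(f"{user:6} {status:12} {name or '-'}")
```

Accounts reported as `unsupported` need a password reset on the target rather than a copied hash; `skip` entries carry no usable hash to migrate.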
