For my sins I am assisting a friend in migrating from a 10 year old SuSE mail server to one running Ubuntu-18.04.
One of the things I need to do is migrate over about a dozen or so users--several of which are severely impaired when it comes to this interwebs/computer thing (think friend and elderly family).
What I have done in the past--and what I am trying to do now--is to simply lift the hash string out of /etc/shadow on one box and drop it into the new server whole.
Most of these users never log in to the server via the commandline, they only access it through IMAP or POP3 clients (including Courier SqWebMail).
However this isn't working this time.
I suspect that this is because the SuSE server used Blowfish as the hashing algorithm. The hashes on that server all start with $2a or $2y, which this snippet of man crypt_r states is Blowfish:
ID | Method
────────────────────────────────────────────────────
1 | MD5
2a | Blowfish, system-specific on 8-bit chars
2y | Blowfish, correct handling of 8-bit chars
All I can find close to this subject is something like this: How to change password encoding to blowfish for nis client using auth-client-config at ubuntu 18.04 and Acceptable Hashes by shadow which don't really have answers.
I've tried editing /etc/pam.d/common-password to include a line that says:
password [success=1 default=ignore] pam_unix.so obscure blowfish
but it didn't change the behavior.
My question is how do I get the current hashes to work under Ubuntu-18.04--once that is done I can force updates to better hash algorithms.
My fall back plan is to generate passwords for the users and have my friend hand them out.
