When I copy /etc/shadow to another system, is it possible to login with the according passwords?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
3
down vote

favorite












I am asking, because I generated a live CD using the hash from an existing /etc/shadow, assuming I will then be able to login with the corresponding password, but apparently login fails.




linux password shadow




share|improve this question


























    up vote
    3
    down vote

    favorite












    I am asking, because I generated a live CD using the hash from an existing /etc/shadow, assuming I will then be able to login with the corresponding password, but apparently login fails.




    linux password shadow




    share|improve this question
























      up vote
      3
      down vote

      favorite









      up vote
      3
      down vote

      favorite











      I am asking, because I generated a live CD using the hash from an existing /etc/shadow, assuming I will then be able to login with the corresponding password, but apparently login fails.




      linux password shadow




      share|improve this question














      I am asking, because I generated a live CD using the hash from an existing /etc/shadow, assuming I will then be able to login with the corresponding password, but apparently login fails.





      linux password shadow





      share|improve this question













      share|improve this question




      share|improve this question








      edited Oct 30 '17 at 17:49









      G-Man

      11.6k82657




      11.6k82657










      asked Oct 30 '17 at 15:09









      user569825

      28229




      28229




















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          6
          down vote



          accepted










          It's possible if



          1. the target system uses shadow passwords, and


          2. /etc/shadow is not overridden by other mechanisms (via PAM, nss, etc.), and

          3. the target system doesn't hash /etc/shadow, and

          4. the target system has the same usernames as the source system, and

          5. the UIDs on the target system are the same as the UIDs on the source system, and

          6. the encryption methods used by the passwords need to be supported on the target system, and


          7. /etc/passwd on the target system must be in sync with the injected /etc/shadow.

          I hope I didn't forget anything. :)



          The easier (and safer) way to do it is to use vipw to save credentials for the relevant users on the source system, then copy them on the target system






          share|improve this answer






















          • Multiple encryption methods are available in glibc.
            – Christopher
            Oct 30 '17 at 15:50










          • Yes, the encryption methods used by the passwords need to be supported on the target system. That's unlikely to be a problem these days.
            – Satō Katsura
            Oct 30 '17 at 16:03










          • It’s implied by your #4 and #5, but it might be clearer if you explicitly said that the /etc/passwd  on the target system must be in sync with the injected /etc/shadow.
            – G-Man
            Oct 30 '17 at 17:47










          • @G-Man Edited. Now it's redundant, but oh well. :)
            – Satō Katsura
            Oct 30 '17 at 17:49










          • To move users and their passwords, I found it easiest to create them on the new system, and then grep their entries from shadow: egrep "^(jane|joe):" /etc/shadow. Then do a replace in shadow.
            – hschou
            Oct 31 '17 at 7:08











          Your Answer







          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "106"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: false,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f401420%2fwhen-i-copy-etc-shadow-to-another-system-is-it-possible-to-login-with-the-acco%23new-answer', 'question_page');

          );

          Post as a guest

















          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          6
          down vote



          accepted










          It's possible if



          1. the target system uses shadow passwords, and


          2. /etc/shadow is not overridden by other mechanisms (via PAM, nss, etc.), and

          3. the target system doesn't hash /etc/shadow, and

          4. the target system has the same usernames as the source system, and

          5. the UIDs on the target system are the same as the UIDs on the source system, and

          6. the encryption methods used by the passwords need to be supported on the target system, and


          7. /etc/passwd on the target system must be in sync with the injected /etc/shadow.

          I hope I didn't forget anything. :)



          The easier (and safer) way to do it is to use vipw to save credentials for the relevant users on the source system, then copy them on the target system






          share|improve this answer






















          • Multiple encryption methods are available in glibc.
            – Christopher
            Oct 30 '17 at 15:50










          • Yes, the encryption methods used by the passwords need to be supported on the target system. That's unlikely to be a problem these days.
            – Satō Katsura
            Oct 30 '17 at 16:03










          • It’s implied by your #4 and #5, but it might be clearer if you explicitly said that the /etc/passwd  on the target system must be in sync with the injected /etc/shadow.
            – G-Man
            Oct 30 '17 at 17:47










          • @G-Man Edited. Now it's redundant, but oh well. :)
            – Satō Katsura
            Oct 30 '17 at 17:49










          • To move users and their passwords, I found it easiest to create them on the new system, and then grep their entries from shadow: egrep "^(jane|joe):" /etc/shadow. Then do a replace in shadow.
            – hschou
            Oct 31 '17 at 7:08















          up vote
          6
          down vote



          accepted










          It's possible if



          1. the target system uses shadow passwords, and


          2. /etc/shadow is not overridden by other mechanisms (via PAM, nss, etc.), and

          3. the target system doesn't hash /etc/shadow, and

          4. the target system has the same usernames as the source system, and

          5. the UIDs on the target system are the same as the UIDs on the source system, and

          6. the encryption methods used by the passwords need to be supported on the target system, and


          7. /etc/passwd on the target system must be in sync with the injected /etc/shadow.

          I hope I didn't forget anything. :)



          The easier (and safer) way to do it is to use vipw to save credentials for the relevant users on the source system, then copy them on the target system






          share|improve this answer






















          • Multiple encryption methods are available in glibc.
            – Christopher
            Oct 30 '17 at 15:50










          • Yes, the encryption methods used by the passwords need to be supported on the target system. That's unlikely to be a problem these days.
            – Satō Katsura
            Oct 30 '17 at 16:03










          • It’s implied by your #4 and #5, but it might be clearer if you explicitly said that the /etc/passwd  on the target system must be in sync with the injected /etc/shadow.
            – G-Man
            Oct 30 '17 at 17:47










          • @G-Man Edited. Now it's redundant, but oh well. :)
            – Satō Katsura
            Oct 30 '17 at 17:49










          • To move users and their passwords, I found it easiest to create them on the new system, and then grep their entries from shadow: egrep "^(jane|joe):" /etc/shadow. Then do a replace in shadow.
            – hschou
            Oct 31 '17 at 7:08













          up vote
          6
          down vote



          accepted







          up vote
          6
          down vote



          accepted






          It's possible if



          1. the target system uses shadow passwords, and


          2. /etc/shadow is not overridden by other mechanisms (via PAM, nss, etc.), and

          3. the target system doesn't hash /etc/shadow, and

          4. the target system has the same usernames as the source system, and

          5. the UIDs on the target system are the same as the UIDs on the source system, and

          6. the encryption methods used by the passwords need to be supported on the target system, and


          7. /etc/passwd on the target system must be in sync with the injected /etc/shadow.

          I hope I didn't forget anything. :)



          The easier (and safer) way to do it is to use vipw to save credentials for the relevant users on the source system, then copy them on the target system






          share|improve this answer














          It's possible if



          1. the target system uses shadow passwords, and


          2. /etc/shadow is not overridden by other mechanisms (via PAM, nss, etc.), and

          3. the target system doesn't hash /etc/shadow, and

          4. the target system has the same usernames as the source system, and

          5. the UIDs on the target system are the same as the UIDs on the source system, and

          6. the encryption methods used by the passwords need to be supported on the target system, and


          7. /etc/passwd on the target system must be in sync with the injected /etc/shadow.

          I hope I didn't forget anything. :)



          The easier (and safer) way to do it is to use vipw to save credentials for the relevant users on the source system, then copy them on the target system







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Oct 31 '17 at 6:12

























          answered Oct 30 '17 at 15:47









          Satō Katsura

          10.7k11533




          10.7k11533











          • Multiple encryption methods are available in glibc.
            – Christopher
            Oct 30 '17 at 15:50










          • Yes, the encryption methods used by the passwords need to be supported on the target system. That's unlikely to be a problem these days.
            – Satō Katsura
            Oct 30 '17 at 16:03










          • It’s implied by your #4 and #5, but it might be clearer if you explicitly said that the /etc/passwd  on the target system must be in sync with the injected /etc/shadow.
            – G-Man
            Oct 30 '17 at 17:47










          • @G-Man Edited. Now it's redundant, but oh well. :)
            – Satō Katsura
            Oct 30 '17 at 17:49










          • To move users and their passwords, I found it easiest to create them on the new system, and then grep their entries from shadow: egrep "^(jane|joe):" /etc/shadow. Then do a replace in shadow.
            – hschou
            Oct 31 '17 at 7:08

















          • Multiple encryption methods are available in glibc.
            – Christopher
            Oct 30 '17 at 15:50










          • Yes, the encryption methods used by the passwords need to be supported on the target system. That's unlikely to be a problem these days.
            – Satō Katsura
            Oct 30 '17 at 16:03










          • It’s implied by your #4 and #5, but it might be clearer if you explicitly said that the /etc/passwd  on the target system must be in sync with the injected /etc/shadow.
            – G-Man
            Oct 30 '17 at 17:47










          • @G-Man Edited. Now it's redundant, but oh well. :)
            – Satō Katsura
            Oct 30 '17 at 17:49










          • To move users and their passwords, I found it easiest to create them on the new system, and then grep their entries from shadow: egrep "^(jane|joe):" /etc/shadow. Then do a replace in shadow.
            – hschou
            Oct 31 '17 at 7:08
















          Multiple encryption methods are available in glibc.
          – Christopher
          Oct 30 '17 at 15:50




          Multiple encryption methods are available in glibc.
          – Christopher
          Oct 30 '17 at 15:50












          Yes, the encryption methods used by the passwords need to be supported on the target system. That's unlikely to be a problem these days.
          – Satō Katsura
          Oct 30 '17 at 16:03




          Yes, the encryption methods used by the passwords need to be supported on the target system. That's unlikely to be a problem these days.
          – Satō Katsura
          Oct 30 '17 at 16:03












          It’s implied by your #4 and #5, but it might be clearer if you explicitly said that the /etc/passwd  on the target system must be in sync with the injected /etc/shadow.
          – G-Man
          Oct 30 '17 at 17:47




          It’s implied by your #4 and #5, but it might be clearer if you explicitly said that the /etc/passwd  on the target system must be in sync with the injected /etc/shadow.
          – G-Man
          Oct 30 '17 at 17:47












          @G-Man Edited. Now it's redundant, but oh well. :)
          – Satō Katsura
          Oct 30 '17 at 17:49




          @G-Man Edited. Now it's redundant, but oh well. :)
          – Satō Katsura
          Oct 30 '17 at 17:49












          To move users and their passwords, I found it easiest to create them on the new system, and then grep their entries from shadow: egrep "^(jane|joe):" /etc/shadow. Then do a replace in shadow.
          – hschou
          Oct 31 '17 at 7:08





          To move users and their passwords, I found it easiest to create them on the new system, and then grep their entries from shadow: egrep "^(jane|joe):" /etc/shadow. Then do a replace in shadow.
          – hschou
          Oct 31 '17 at 7:08


















           

          draft saved


          draft discarded















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f401420%2fwhen-i-copy-etc-shadow-to-another-system-is-it-possible-to-login-with-the-acco%23new-answer', 'question_page');

          );

          Post as a guest
































































          -

          Popular posts from this blog

          Peggy Mitchell

          Image
          EastEnders character This article is about the soap opera character. For the British tennis player, see Peggy Michell. For the author, see Margaret Mitchell. Peggy Mitchell Barbara Windsor as Peggy Mitchell (2008) EastEnders character Portrayed by Jo Warne (1991) Barbara Windsor (1994–2016) Duration 1991, 1994–2010, 2013–2016 First appearance Episode 650 30 April 1991  ( 1991-04-30 ) Last appearance Episode 5286 17 May 2016  ( 2016-05-17 ) (appearance) Episode 5287 19 May 2016 (voiceover) Introduced by Michael Ferguson (1991) Barbara Emile (1994) Louise Berridge (2004) Kate Harwood (2005) Lorraine Newman (2013) Dominic Treadwell-Collins (2014) Spin-off appearances The Mitchells - Naked Truths (1998) Classification Former; regular Profile Other names Peggy Butcher Occupation Barmaid Businesswoman Pub landlady Jo Warne as Peggy Mitchell (1991) Family Family Mitchell Father Jack Martin Mother Lily Martin Sisters Aunt ...
          Read more

          The Forum (Inglewood, California)

          Image
          The Forum "LA Forum" Prairie Ave. façade of The Forum in 2014 Full name The Forum, presented by Chase Former names The Forum (1967–1988) Great Western Forum (1988–2003) Address 3900 W. Manchester Blvd Location Inglewood, California Coordinates Coordinates: 33°57′29″N 118°20′31″W  /  33.95806°N 118.34194°W  / 33.95806; -118.34194 Public transit     Downtown Inglewood station Owner The Madison Square Garden Company Operator MSG Entertainment Seating type Reserved Capacity 17,500 Half-bowl: 8,000 Construction Broke ground July 1, 1966  ( 1966-07-01 ) Opened December 30, 1967  ( 1967-12-30 ) Renovated 1988, 2012–2014 Construction cost $16 million Renovation: 2014: $76.5 million Architect Charles Luckman Associates (original) Brisbin Brook Beynon (renovation) Structural engineer Johnson & Nielsen Associates (original) Severud Associates (renovation) Genera...
          Read more

          Palaiologos

          Image
          Palaiologos Παλαιολόγος Palaeologus, Palaeologue Imperial Family Double-headed eagle with the family cypher Country Byzantine Empire, Duchy of Montferrat (remaining lineage after Empire annexed by Ottomans) Founded 11th century  ( 11th century ) Founder Nikephoros Palaiologos (first known) Final ruler Constantine XI Palaiologos (Byzantine Empire) Margaret Paleologa (Montferrat) Titles Byzantine Emperor Marquess of Montferrat Style(s) "Augustus" "Basileus" "Autokrator" Traditions Greek Orthodoxy (predominantly) Roman Catholicism (remaining lineage in Montferrat) Dissolution 1533  ( 1533 ) Cadet branches Claimants: House of Kastrioti (defunct) House of Rurik (defunct) Palaiologan dynasty Chronology Michael VIII 1259–1282 with Andronikos II as co-emperor, 1261–1282 Andronikos II 1282–1328 with Michael IX (1294–1320) and Andronikos III (1321–1328) as co-emperors Andronikos III 1328–1341 John...
          Read more