Search

GlobalSCAPE Knowledge Base

Is it possible to import user passwords from Solaris to EFT server?

Karla Marsh
EFT

THE INFORMATION IN THIS ARTICLE APPLIES TO:
  • EFT Server (All Versions) using Local (GlobalSCAPE) Authentication
QUESTION

Is it possible to import user passwords from Unix, Linux, or Solaris to EFT server?

ANSWER

By default, EFT server uses base 64-encoded SHA-256 for user password hashes; however, it is possible to create user accounts or modify existing accounts using EFT Server’s COM API such that EFT Server treats the stored hash as an MD5 or DES hash consistent with the crypt format used for storing passwords in the Unix or Linux Shadow file.

At present the only *nix crypt formats supported are:

MD5 salted hash: $1$<salt>$<hash> (e.g., $1$somesalt$W.KCTbPSiFDGffAGOjcBc)

DES salted hashes: <hash> (e.g., UZoIyj/Hy/c)

Password hashes imported in this format will remain in that format until the user changes their password, at which time the new password hash will be saved in SHA-256 format.

Attached is a script that demonstrates how to read Shadow file passwords from a comma delimited file and then call CreateUser() with the password type (nPwdType) parameter is set to 5 (literal). You can also modify existing account hashes by calling ChangeUserPassword() with an nPwdType of 5 and specifying the literal string, e.g. $1$somesalt$W.KCTbPSiFDGffAGOjcBc. as the new password (bstrPwd parameter).

Refer to the ICISite - Single-Site Interface in the COM API reference for more information regarding creating users with the EFT Server COM API.

The attached zip file EFTMigrateCSVUsers.zip contains a script (VBS) and a sample CSV file. You should edit both of these files for your system and your users. (e.g., In the script, the default Admin port should be changed if yours is different from the default.) The script creates users on the first available Site on the Server. The CSV file can be generated by extracting the entries from the Shadow Password file on a *nix system.

The script:

  1. Reads the .csv file into memory.
  2. Parses out the userIDs and passwords.
  3. Creates the users and applies the literal password type.
  4. Verifies/creates VFS folders for the users' home folders.
  5. Configures permissions on the folder.
  6. Configures the users' home folder as their default root.

For more script examples, refer to COM API Scripts in the help for your version of EFT.

Details
Last Modified: 7 Months Ago
Last Modified By: kmarsh
Type: FAQ
Rated 2 stars based on 7 votes.
Article has been viewed 70K times.
Options
Also In This Category
Tags