THE INFORMATION IN THIS ARTICLE APPLIES TO:
- EFT Server (All Versions) using Local (GlobalSCAPE) Authentication
Is it possible to import user passwords from Unix, Linux, or Solaris to EFT server?
By default EFT server uses base 64-encoded SHA-256 for user password hashes; however, it is possible to create user accounts or modify existing accounts using EFT Server’s COM API such that EFT Server treats the stored hash as an MD5 or DES hash consistent with the crypt format used for storing passwords in the Unix or Linux Shadow file.
At present the only *nix crypt formats supported are:
MD5 salted hash: $1$<salt>$<hash> (e.g., $1$somesalt$W.KCTbPSiFDGffAGOjcBc)
DES salted hashes: <hash> (e.g., UZoIyj/Hy/c)
Password hashes imported in this format will remain in that format until the user changes their password, at which time the new password hash will be saved in SHA-256 format.
Attached is a script that demonstrates how to read Shadow file passwords from a comma delimited file and then call CreateUser() with the password type (nPwdType) parameter is set to 5 (literal). You can also modify existing account hashes by calling ChangeUserPassword() with an nPwdType of 5 and specifying the literal string, e.g. $1$somesalt$W.KCTbPSiFDGffAGOjcBc. as the new password (bstrPwd parameter).
Refer to the ICISite - Single-Site Interface in the COM API reference for more information regarding creating users with the EFT Server COM API.
The attached zip file EFTMigrateCSVUsers.zip contains a script (VBS) and a sample CSV file. You should edit both of these files for your system and your users. (e.g., In the script, the default Admin port should be changed if yours is different from the default.) The script creates users on the first available Site on the Server. The CSV file can be generated by extracting the entries from the Shadow Password file on a *nix system.
- Reads the .csv file into memory.
- Parses out the userIDs and passwords.
- Creates the users and applies the literal password type.
- Verifies/creates VFS folders for the users' home folders.
- Configures permissions on the folder.
- Configures the users' home folder as their default root.
For more script examples, refer to EFT Server COM API Scripts.