Copying AIX password hashes between servers
brian_s 270002K5X3 Visits (15110)
AIX stores password hashes under /etc
Here is an example for the root user:
If you would like to transfer a users password from one server to another, you can simply copy the users stanza out of /etc
However, editing /etc
Another option is to get the users password hash out of /etc
The "-c" option on chpasswd clears any password flags and prevents the user from being forced to change their password at next login.
WARNING: Don't run the chpasswd command line above (or the others in this article) on your server or you'll change your root password. The password hashes used in this posting are just examples and the password for them all is just the letter "a".
To make this process easier, here is a short script to automate this proc
The script will generate the "chpasswd" command line needed to duplicate the users password on other servers. The script doesn't do anything other than generating the chpasswd command line - you must then take this command line and run it on whatever server(s) you want to copy the users password hash to. If you run this script with a specific user as a argument only that user will have the command line generated. If you don't specify a user, it will generate command lines for all users on the server that have a password stanza.
Here is an example of running it and specifying a user (root in this case). As you can see it just generates a command line - you must then copy and paste this on to each server you want to duplicate the users password on to. When you run the generated command on another server it will change the users password to match whatever password was set on the original server.
If you run the script without any arguments, chpasswd command lines are generated for all users that have a password stanza:
If you would like to learn more about password hashes and how they work, check out this article over at IBM System Magazine: Improve AIX Security With Password Hashes