Migration


Directory Information

[[Category::Archive]] This script seems like the best way to do it; I don't want to muck with the PADL tools again.

Passwords

We will create all of the Kerberos principals ahead of time with random keys, and export a keytab containing all of the principals.
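The pre-creation step described above, as an added example that is not from the original page. It assumes MIT Kerberos `kadmin.local` run on the KDC, the `migration_passwd.csv` written by `save_pw.sh`, and a conservative username pattern; the function names and the `--apply` switch are hypothetical.

```shell
#!/bin/sh
# Added example (not the page's own script). Assumptions: MIT Kerberos
# kadmin.local on the KDC, and the "user,hash" CSV written by save_pw.sh.
LC_ALL=C; export LC_ALL
KEYTAB=${KEYTAB:-migration_principals.keytab}

# Print the usernames from the CSV that are safe to use as principal names.
# The allowed character set is an assumption; anything else is skipped.
valid_users() {
  while IFS=, read -r user _hash; do
    case $user in
      ''|*[!a-z0-9_-]*) echo "skipping unsafe username: $user" >&2 ;;
      *) echo "$user" ;;
    esac
  done < "$1"
}

# Print the two kadmin queries needed for one user: a principal with a
# random key, then an export of that principal into the shared keytab.
queries_for() {
  echo "addprinc -randkey $1"
  echo "ktadd -k $KEYTAB $1"
}

# Create every principal and collect them all in one keytab.
create_all() {
  umask 077   # the keytab holds a key for every user; keep it private
  valid_users "$1" | while read -r user; do
    queries_for "$user" | while read -r q; do
      # </dev/null so kadmin.local cannot consume the loop's input
      kadmin.local -q "$q" </dev/null || echo "kadmin failed: $q" >&2
    done
  done
}

# Runs only when asked to: sh create_principals.sh --apply migration_passwd.csv
if [ "${1:-}" = "--apply" ]; then
  create_all "$2"
fi
```

The resulting keytab lets anyone who can read it authenticate as any listed principal, so it should stay readable only by the account the migration CGI runs as.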

save_pw.sh

#!/bin/sh

ypcat passwd | awk -F: '{print($1","$2)}' > migration_passwd.csv

migrate_pw.pl

#!/usr/bin/perl -wl

use strict;

use Crypt::PasswdMD5 qw(unix_md5_crypt);
use CGI qw(:standard);
use Text::CSV;

my $folder = '/home/elizabeth/ugcs/';

sub fatal_error {
  print "Sorry, you did not enter a correct username and password.";

  my $username = $_[0];
  my $error = $_[1];
  &log_outcome($username, $error)
}

sub log_outcome {
  my $logfile = $folder . 'migration_auth.log';

  my $username = $_[0];
  my $state = $_[1];
  my $ip = $ENV{'REMOTE_ADDR'};
  open(LOG,">>$logfile") || exit 1;
  print LOG "$username,$state,$ip";
  close(LOG);
  exit 1;
}

print "Content-type: text/plain\n\n";

my $username = param('username') || &fatal_error('<no username>', 'no_user_specified');
my $password = param('password') || &fatal_error($username, 'no_password_specified');

my $file = $folder . 'migration_passwd.csv';
my $csv = Text::CSV->new();
my $dbpass = '<missing>';
my $salt = '<missing>';

open (CSV, "<", $file) or &fatal_error($username, 'failure_looking_up');
while (<CSV>) {
  if ($csv->parse($_)) {
    my @columns = $csv->fields();
    if ($username eq $columns[0]) {
      $dbpass = $columns[1];
    }
  }
}
close CSV;

if ($dbpass eq '<missing>') {
  &fatal_error($username, 'no_such_user')
}

if ($dbpass =~ m/^\$1\$(.*)\$.*$/) {
  $salt = $1;
  &fatal_error($username,'incorrect_md5') if unix_md5_crypt($password, $salt) ne $dbpass;
} else {
  # Traditional crypt(): the salt is the first two characters of the stored hash.
  $salt = substr($dbpass, 0, 2);
  &fatal_error($username,'incorrect_crypt') if crypt($password, $salt) ne $dbpass;
}


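# Run kadmin without a shell (list form), so the password is never parsed as shell syntax.
my @command = ('/usr/sbin/kadmin', '-p', $username,
  '-q', "cpw -pw '" . $password . "' " . $username,
  '-k', '-t', $folder . 'migration_principals.keytab');
open(STDERR, '>&', \*STDOUT);  # send kadmin's stderr to the client too, like the old 2>&1
system @command;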

if ($? == 0) {
  print "Thanks for using UGCS!  Your password has been migrated to Kerberos " .
    "and you can use the new cluster.";
  log_outcome($username, 'success');
} else {
  print "Your account has already been activated.";
  log_outcome($username, 'already_active');
}

Mailing Lists

find_lists.sh

#!/bin/sh

cat /ug/adm/etc/mail/aliases|grep '^owner'|sed 's/^owner-\(.*\): /\1 /'|grep -v ':include:'|
awk '{print($1, $2)}'|xargs -n 2 ./migrate_list.sh

migrate_list.sh name owner

#!/bin/sh

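# Create the list with a random admin password; cut drops the " -" that md5sum appends.
sudo newlist -q "$1" "$2@ugcs.caltech.edu" "$(dd if=/dev/urandom bs=1k count=1 2>/dev/null | md5sum | cut -d' ' -f1)"
# Strip comments and qualify bare local addresses in the member file named after the list.
sed -i 's/#.*$//;s/<\([^@]*\)>/<\1@ugcs.caltech.edu>/;s/^\([^@]\+\)$/\1@ugcs.caltech.edu/' "$1"
# Add everyone in that file as a regular member, without welcome or admin notices.
sudo add_members -r "$1" -w n -a n "$1"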

Note: some people may want lists renamed (example: moles-real, etc.) - in that case, will need to do http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq04.070.htp
