X-MimeOLE: Produced By Microsoft Exchange V6.5
Received: by onstor-exch02.onstor.net 
	id <01C87A34.E60E5B52@onstor-exch02.onstor.net>; Thu, 28 Feb 2008 11:08:19 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Content-class: urn:content-classes:message
Subject: RE: Cougar migration issue
Date: Thu, 28 Feb 2008 11:08:19 -0700
Message-ID: <BB375AF679D4A34E9CA8DFA650E2B04E089F15C6@onstor-exch02.onstor.net>
In-Reply-To: <BB375AF679D4A34E9CA8DFA650E2B04E089F156B@onstor-exch02.onstor.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Cougar migration issue
Thread-Index: Ach53ftt8qxQC/FMQDquteiXN4SGZAAQcWPZAAMAqXAAAM0kUAAAbubgAAEGnZA=
From: "Tim Gardner" <tim.gardner@onstor.com>
To: "Narain Ramadass" <narain.ramadass@onstor.com>,
	"Sandrine Boulanger" <sandrine.boulanger@onstor.com>,
	"Eric Barrett" <eric.barrett@onstor.com>,
	"dl-Cougar" <dl-Cougar@onstor.com>
Cc: "Sripal Surendiran (HCL)" <sripal.surendiran@onstor.com>,
	"Sudharsan Srinivasan" <sudharsan@onstor.com>

Yes, I believe that local useraccount passwords are stored in the
cluster DB.

> -----Original Message-----
> From: Narain Ramadass
> Sent: Thursday, February 28, 2008 9:39 AM
> To: Sandrine Boulanger; Eric Barrett; Tim Gardner; dl-Cougar
> Cc: Sripal Surendiran (HCL); Sudharsan Srinivasan
> Subject: RE: Cougar migration issue
>=20
> IIRC - those goto the clusterDB?
>=20
> -----Original Message-----
> From: Sandrine Boulanger
> Sent: Thursday, February 28, 2008 9:26 AM
> To: Eric Barrett; Narain Ramadass; Tim Gardner; dl-Cougar
> Cc: Sripal Surendiran (HCL); Sudharsan Srinivasan
> Subject: RE: Cougar migration issue
>=20
> Where do we store the passwords for the local useraccounts, like ndmp?
>=20
> -----Original Message-----
> From: Eric Barrett
> Sent: Thursday, February 28, 2008 9:05 AM
> To: Narain Ramadass; Tim Gardner; dl-Cougar
> Cc: Sripal Surendiran (HCL); Sudharsan Srinivasan
> Subject: RE: Cougar migration issue
>=20
> We can't expire them because it still requires knowing how to crypt()
the
> password, which apparently the Linux libraries can't do with the BSD
> format.  Otherwise you're opening up the accounts for J. Random Hacker
to
> log in and change them himself.  (Unlikely, yes, but still a
> consideration, especially since we have customers who run their boxes
on
> the public Internet.)
>=20
>=20
> -----Original Message-----
> From: Narain Ramadass
> Sent: Thursday, February 28, 2008 7:37 AM
> To: Tim Gardner; dl-Cougar
> Cc: Sripal Surendiran (HCL); Sudharsan Srinivasan
> Subject: RE: Cougar migration issue
>=20
> Tim,
>=20
> Another alternative we had discussed last time was to reset the
passwords
> for the root and admin accounts to their ONStor defaults and add an
expiry
> date for the password such that the next login by the respective users
> would force them to change the password.
>=20
> I do not believe that we store anything except admin and root in the
> passwd file - but then ONStor created ID's show up to BSD as "admin".
> Therefore if I logged in as "ndmp", "who" run from BSD would show an
> instance of "admin" having logged in. This may need a bit of testing
and
> validation IMHO.
>=20
> My 2c.
>=20
> Narain.
>=20
>=20
> -----Original Message-----
> From: Tim Gardner
> Sent: Wed 2/27/2008 11:53 PM
> To: dl-Cougar
> Cc: Sripal Surendiran (HCL); Sudharsan Srinivasan
> Subject: Cougar migration issue
>=20
> Folks,
>=20
> There is a migration issue regarding the password file.
> The format (blowfish) used on BSD is not supported on our Linux
> distribution.
> How important is this?
> Do we store any passwords in this file other than the passwords for
the
> admin and root users?
> If not, would it be sufficient to just prompt the user for these
passwords
> during migration?
>=20
> Tim
>=20

