Migration

Directory Information
This script seems like the best way to do it; I don't want to muck with the PADL tools again.

Passwords
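We will create all of the Kerberos principals ahead of time with random keys, and export a keytab containing all of the principals. Since that keytab holds a key for every account that has not yet been migrated, it should be readable only by the account that runs the migration script.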

save_pw.sh
#!/bin/sh

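# Dump "username,hash" pairs from the NIS passwd map into the CSV that
# migrate_pw.pl checks submitted passwords against.
#
# The output contains every account's password hash, so it is created with
# owner-only permissions. If the migration CGI runs under a different
# account, grant that one account read access explicitly rather than
# loosening the umask.
umask 077
ypcat passwd | awk -F: '{print($1","$2)}' > migration_passwd.csv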

migrate_pw.pl
#!/usr/bin/perl -wl

use strict;

use Crypt::PasswdMD5 qw(unix_md5_crypt); use CGI qw(:standard); use Text::CSV;

# Working directory for the migration. The rest of this script builds three
# paths from it: the password-hash CSV, the audit log, and the keytab handed
# to kadmin.
# NOTE(review): all three are sensitive; this directory presumably must not be
# web-served or readable by other local users - confirm its permissions.
my $folder = '/home/elizabeth/ugcs/';

# Tell the client that authentication failed, then record the real reason
# in the audit log.
#
# Arguments: the submitted username and a short reason code.
# Does not return: log_outcome() ends the process.
sub fatal_error {
    # The client sees the same generic text whatever the actual reason was,
    # so the response does not reveal whether the account exists.
    print "Sorry, you did not enter a correct username and password.";

    my ($username, $error) = @_;
    log_outcome($username, $error);
}

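# Append one "username,state,ip" record to the migration audit log and end
# the request.
#
# Arguments: the submitted username and a short outcome code.
# Does not return: the process exits with status 1 whether or not the log
# could be written.
sub log_outcome {
    my ($username, $state) = @_;
    my $logfile = $folder . 'migration_auth.log';
    my $ip      = $ENV{'REMOTE_ADDR'};

    # The username is taken from the request, so it must not be able to
    # forge or split log records: anything that is not printable ASCII, and
    # the comma used as field separator, is replaced before writing.
    for my $field ($username, $state, $ip) {
        $field = '' unless defined $field;
        $field =~ s/[^\x20-\x2B\x2D-\x7E]/?/g;
    }

    # Three-argument open with a lexical handle; the mode can never be
    # influenced by the path.
    open(my $log, '>>', $logfile) or exit 1;

    # The record terminator comes from the -l switch on the interpreter line.
    print {$log} "$username,$state,$ip";
    close($log);
    exit 1;
}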

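# CGI header: everything this script sends back is plain text.
print "Content-type: text/plain\n\n";

# Both fields are required; a missing one ends the request in fatal_error().
my $username = param('username') || fatal_error(' ', 'no_user_specified');
my $password = param('password') || fatal_error($username, 'no_password_specified');

# The username is later placed on the kadmin command line and inside the
# kadmin query, so only a conservative account-name alphabet is accepted.
# The leading character may not be '-' or '.', which keeps the value from
# being read as an option. The rejected value itself is not logged.
fatal_error(' ', 'invalid_username')
    unless $username =~ /\A[A-Za-z0-9_][A-Za-z0-9._-]*\z/;

my $file   = $folder . 'migration_passwd.csv';
my $csv    = Text::CSV->new;
my $dbpass = ' ';
my $salt   = ' ';

# Look the account up in the exported "username,hash" file. As before, the
# whole file is scanned, so the last matching row wins.
open(my $csv_fh, '<', $file) or fatal_error($username, 'failure_looking_up');
while (my $line = <$csv_fh>) {
    next unless $csv->parse($line);
    my @columns = $csv->fields;
    $dbpass = $columns[1] if $username eq $columns[0];
}
close $csv_fh;

fatal_error($username, 'no_such_user') if $dbpass eq ' ';

# Check the submitted password against the stored hash. Nothing derived from
# the stored hash is written to the response: the debugging prints that used
# to echo both the computed and the stored hash have been removed.
if ($dbpass =~ m/^\$1\$(.*)\$.*$/) {
    # MD5-crypt entry ($1$salt$digest).
    $salt = $1;
    fatal_error($username, 'incorrect_md5')
        if unix_md5_crypt($password, $salt) ne $dbpass;
}
else {
    # Anything else is treated as traditional DES crypt. Only a well-formed
    # 13-character hash is accepted: an empty or placeholder field can make
    # crypt() return undef, and undef compares equal to an empty string.
    fatal_error($username, 'incorrect_crypt')
        unless $dbpass =~ m{\A[./0-9A-Za-z]{13}\z};

    $salt = substr($dbpass, 0, 2);
    my $computed = crypt($password, $salt);
    fatal_error($username, 'incorrect_crypt')
        if !defined $computed || $computed ne $dbpass;
}

# The password is embedded in a quoted kadmin query below. Quotes,
# backslashes and control characters cannot be embedded there safely, so
# such passwords are refused rather than passed on.
# NOTE(review): kadmin's exact quoting rules for -q were not verified here -
# confirm before relaxing this check.
if ($password =~ /['"\\\x00-\x1F\x7F]/) {
    print "Sorry, this form cannot migrate passwords containing quotes, "
        . "backslashes or control characters.";
    log_outcome($username, 'unsupported_password_chars');
}

# Run kadmin directly with an argument list. No shell is involved, so
# nothing in the username or password is interpreted as shell syntax.
# NOTE(review): -pw still puts the password in the process arguments, where
# other local users may be able to see it while kadmin runs.
my @kadmin = (
    '/usr/sbin/kadmin',
    '-p', $username,
    '-q', "cpw -pw '" . $password . "' " . $username,
    '-k',
    '-t', $folder . 'migration_principals.keytab',
);

# The old shell command ended in 2>&1; duplicating STDERR onto STDOUT keeps
# kadmin's diagnostics going to the same place without needing a shell.
open(STDERR, '>&', \*STDOUT) or warn "cannot redirect STDERR: $!";
system(@kadmin);

if ($? == 0) {
    print "Thanks for using UGCS! Your password has been migrated to Kerberos "
        . "and you can use the new cluster.";
    log_outcome($username, 'success');
}
else {
    # Every kadmin failure is reported and logged as "already active"; the
    # exit status alone does not say why kadmin failed.
    print "Your account has already been activated.";
    log_outcome($username, 'already_active');
}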

Mailing Lists
find_lists.sh
#!/bin/sh

# Run migrate_list.sh once per list, using the owner-* entries of the
# aliases file:
#   - keep only the lines that start with "owner"
#   - rewrite "owner-NAME: OWNER" as "NAME OWNER"
#   - skip entries whose owner is an :include: file
#   - pass the first two fields, two at a time, to migrate_list.sh
grep '^owner' /ug/adm/etc/mail/aliases \
    | sed 's/^owner-\(.*\): /\1 /' \
    | grep -v ':include:' \
    | awk '{print $1, $2}' \
    | xargs -n 2 ./migrate_list.sh

migrate_list.sh name owner
#!/bin/sh

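# usage: migrate_list.sh name owner
#
# Creates the Mailman list NAME owned by OWNER@ugcs.caltech.edu, normalises
# the member file called NAME in the current directory, and loads it into
# the new list.
if [ "$#" -ne 2 ]; then
    echo "usage: $0 name owner" >&2
    exit 2
fi

list=$1
owner=$2

# Throw-away random admin password. Only the digest column is kept: md5sum
# also prints a file-name column ("-"), which used to reach newlist as an
# extra argument.
# NOTE(review): the password is passed on the command line, where other
# local users may be able to see it while newlist runs.
admin_pw=$(dd if=/dev/urandom bs=1k count=1 | md5sum | cut -d' ' -f1)

# Every expansion is quoted so that a name or owner with unexpected
# characters stays a single argument.
sudo newlist -q "$list" "$owner@ugcs.caltech.edu" "$admin_pw"

# Strip comments, then append @ugcs.caltech.edu to addresses that have no
# domain part (both inside <...> and on lines without any @).
sed -i 's/#.*$//;s/<\([^@]*\)>/<\1@ugcs.caltech.edu>/;s/^\([^@]\+\)$/\1@ugcs.caltech.edu/' "$list"

sudo add_members -r "$list" -w n -a n "$list"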

Note: some people may want lists renamed (example: moles-real, etc.) - in that case, will need to do http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq04.070.htp