Issue with migrating user passwords from Graylog 1.x to Graylog 2.x

Hello community!

I ran into an issue when migrating user passwords. After the update I am unable to log in with my password, which is stored in MongoDB. I looked into Mongo to get my password, and it is equal to the one stored in the non-updated Graylog 1.x, but I can log in to the old Graylog 1.x and am not able to with the same password on the just-updated Graylog 2.2 and Mongo 3.4. Also, the password hashes of my user are the same on both the updated and non-updated instances. I can change my password through the admin login, and after the change I see its format change in Mongo (bcrypt and salt added). I can do that for my login, but that is not an option for the other users who also use Graylog. Is there a way to smoothly migrate users from Graylog 1.x to 2.2? Thank you.

It seems Graylog hasn't updated the format of the stored password in MongoDB properly, but I did everything according to the guide.

@mpolitaev

  • How did you upgrade?
  • From what version?

We had Graylog 1.3.2 and Mongo 2.0.4.

I did the upgrade following this guide: http://docs.graylog.org/en/2.2/pages/upgrade/graylog-2.0.html#
After Graylog had been upgraded, I upgraded Mongo from 2.0 to 2.2, then 2.2 to 2.4, then 2.4 to 2.6, then 2.6 to 3.0, then 3.0 to 3.2, then 3.2 to 3.4.5.

This is the output of the command db.users.find() in Mongo:
{ "_id" : ObjectId("57cea21fe4b0137194142f75"), "password" : "34ffce3671ad5852e906a371ccc3f4d6cff95bd1", "session_timeout_ms" : NumberLong(-1), "full_name" : "User Name", "timezone" : "UTC", "permissions" : [ "users:edit:user", "users:passwordchange:user" ], "roles" : [ ObjectId("55f93980e4b09329438ab1b6") ], "email" : "user@mail.com", "username" : "user" }

As you can see, the password is stored just as a hash value, but after I logged in to the updated Graylog 2.2.3 as admin and updated my user's password, I see that the password field in Mongo now has bcrypt and salt values.
How can I keep my users' old passwords so that they are able to log in without manually resetting passwords?

And was your Graylog update done through every version from 1.3.2 to the current one?

No, Graylog was updated directly from 1.3.2 to 2.2.3. Can this be the cause?

Graylog 2.x should still be able to read the password hashes generated by Graylog 1.x.

Maybe you’ve changed the password_secret configuration setting, which was being used in Graylog 1.x as a salt. This setting has to be identical between your setups.

2 Likes
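
The mismatch described in the answer above can be checked offline for a test account whose password the admin knows; this is an added example, not part of the thread and not Graylog's own code. It assumes the 1.x value is a hex SHA-1 over password_secret followed by the password and that re-hashed values start with "{bcrypt}"; every secret and password in it is constructed.

```python
import hashlib
import hmac
import re

# Assumption: a legacy value is 40 hex characters (as in the db.users.find()
# output in this thread) and a re-hashed value carries a "{bcrypt}" prefix.
LEGACY_SHA1 = re.compile(r"[0-9a-f]{40}")


def classify(stored):
    """Label a users.password value as 'legacy-sha1', 'bcrypt' or 'unknown'."""
    if LEGACY_SHA1.fullmatch(stored):
        return "legacy-sha1"
    if stored.startswith("{bcrypt}"):
        return "bcrypt"
    return "unknown"


def legacy_hash(password_secret, password):
    """Assumed 1.x scheme: hex SHA-1 over password_secret followed by the password."""
    data = password_secret.encode("utf-8") + password.encode("utf-8")
    return hashlib.sha1(data).hexdigest()


def matching_configs(stored, known_password, secrets_by_config):
    """Return the config names whose password_secret reproduces the stored hash."""
    if classify(stored) != "legacy-sha1":
        return []  # already re-hashed, so password_secret is not what to compare
    return [
        name
        for name, secret in secrets_by_config.items()
        if hmac.compare_digest(legacy_hash(secret, known_password), stored)
    ]


# Constructed sample data: a test account whose password is known to the admin.
OLD_CONF = {"password_secret": "constructed-secret-from-1x-server-conf"}
NEW_CONF = {"password_secret": "constructed-secret-generated-for-2x"}
TEST_PASSWORD = "constructed-test-password"
STORED = legacy_hash(OLD_CONF["password_secret"], TEST_PASSWORD)

if __name__ == "__main__":
    secrets = {"graylog-1.x": OLD_CONF["password_secret"],
               "graylog-2.x": NEW_CONF["password_secret"]}
    # Only the 1.x secret reproduces the stored value, so the 2.x setup
    # would reject the same password until password_secret is made identical.
    print(classify(STORED), matching_configs(STORED, TEST_PASSWORD, secrets))
```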

Thank you, jochen!

That was exactly the cause! It helped!
