<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><div>On May 30, 2010, at 5:18 AM, KOBA | Hans Rossel wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">The main problem if you export and import only the users will be the passwords I think. Drupal 7 uses a new password hashing algorithm (see <meta http-equiv="content-type" content="text/html; charset=utf-8"><a href="http://drupal.org/node/29706">http://drupal.org/node/29706</a>), so you cannot just copy the user table. Probably best would be to make a new fresh Drupal 5 installation with only core and garland as theme, copy the user table in there <meta http-equiv="content-type" content="text/html; charset=utf-8">(f.i. with phpmyadmin or backup_migrate module) and then perform the consequent updates of that simple installation to d6 and d7. When you run update.php to finalise the d7 installation the passwords will be updated.</blockquote></div><br><div>OK, that sounds workable, for a one-time procedure.</div><div><br></div><div>Is it really necessary to do the intermediate d6 install? Do all of d5, d6, and d7 have mutually incompatible user tables, so I need to wash the data through both upgrade conversions? If I did a clean d6 install, could I just drop my d5 user table into that database, then do the d6-d7 upgrade?</div><div><br></div><div>Actually, this is the tip of a larger question about user administration. What I really want is to have all account management centralized. This is a club website which has a public section (visible to anonymous) and a members-only section, which is only visible to authenticated users. As people join and leave the club, I'd like to have some automated way to push add/change/delete updates to the site user list. Are there tools to do this?</div><div><br></div><div>In theory, authenticating against some external authority (LDAP, kerberos, etc) would be good, but we're not big enough to have that kind of infrastructure. Pushing updates would be good enough for our purposes.</div><div><br></div><div>BTW, putting on my security hat for a moment, I agree with the move away from unsalted MD5. It's just not a viable technology any more for applications where it security matters.</div><div><br></div><div><br></div></body></html>