 

How do I create a user and set a password using ansible?


The documentation refers us to the GitHub example, but this is a bit sparse and mysterious.

It says this:

    # created with:
    # crypt.crypt('This is my Password', '$1$SomeSalt')
    password: $1$SomeSalt$UqddPX3r4kH3UL5jq5/ZI.

but crypt.crypt doesn't emit what the example shows. It also uses MD5.

I tried this:

    # python
    import crypt
    crypt.crypt('This is my Password', '$6$somereallyniceandbigrandomsalt$')
    >> '$69LxCegsnIwI'

but the password field of user should get something like this:

    password: $6$somereallyniceandbigrandomsalt$UqddPX3r4kH3UL5jq5/ZI.

which includes three $ delimiters separating the 6 (which signifies that it's a SHA-512 hash), the salt, and the crypted password.

Note that the python crypt docs don't mention anything about the $N format.

Questions:

  1. Is the salt, as supplied to crypt.crypt, supposed to end with a trailing $ or is it in $N$SALT format?

  2. Python docs refer to DES, but how is SHA-512 or MD5 being called and where is the documentation for this?

  3. Am I really supposed to take the output of crypt.crypt and cut off the first $6 and make $N$SALT$CRYPTED? Is this what ansible needs?

Chris Sattinger asked Mar 05 '13 18:03



1 Answers

The python example shown in the documentation depends on what version of crypt is running on the OS you are using.

I generated the crypt on OS X and the server I was targeting is Ubuntu.

Due to differences in which implementation of crypt is offered by the OS, the result is different and incompatible.

Use this instead:

http://pythonhosted.org/passlib/

Passlib is a password hashing library for Python 2 & 3, which provides cross-platform implementations of over 30 password hashing algorithms, as well as a framework for managing existing password hashes. It’s designed to be useful for a wide range of tasks, from verifying a hash found in /etc/shadow, to providing full-strength password hashing for multi-user application.

    >>> # import the hash algorithm
    >>> from passlib.hash import sha512_crypt
    >>> # generate new salt, and hash a password
    >>> # (passlib 1.7 and later name this method hash(); encrypt() is the older, deprecated name)
    >>> hash = sha512_crypt.encrypt("password")
    >>> hash
    '$6$rounds=656000$BthPsosdEpqOM7Qd$l/ln9nyEfxM67ea8Bvb79JoW50pGjf6iM87taIvfSmpjasE4/wBG1.60pFS6W992T7Q1q2wikMbxYUvMHD1tT1'

Chris Sattinger answered Oct 07 '22 17:10
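A pre-flight check for the value that goes into the password: field, as an added example that is not part of the original question or answer. It parses the $id$[rounds=N$]salt$digest layout and rejects the DES fallback and MD5 strings quoted above; the function name check_crypt_hash and the required-scheme policy are assumptions made for this illustration.

```python
import re

# Scheme id -> (name, digest length, maximum salt length) for the common
# $1$ / $5$ / $6$ crypt schemes.
SCHEMES = {
    "1": ("md5-crypt", 22, 8),
    "5": ("sha256-crypt", 43, 16),
    "6": ("sha512-crypt", 86, 16),
}

# $id$[rounds=N$]salt$digest, using the crypt base64 alphabet ./0-9A-Za-z
MCF = re.compile(
    r"^\$(?P<id>[0-9a-z]+)\$(?:rounds=(?P<rounds>\d+)\$)?"
    r"(?P<salt>[./0-9A-Za-z]*)\$(?P<digest>[./0-9A-Za-z]+)$"
)


def check_crypt_hash(value, required="sha512-crypt"):
    """Return (ok, reason) for a string destined for the password: field."""
    m = MCF.match(value)
    if m is None:
        if len(value) == 13:
            # What a crypt() without $6$ support returns: 2 salt chars + 11 digest chars.
            return False, "13 characters and no $id$salt$digest fields: traditional DES crypt"
        return False, "not in $id$salt$digest form"
    scheme = SCHEMES.get(m["id"])
    if scheme is None:
        return False, "unknown scheme id %r" % m["id"]
    name, digest_len, max_salt = scheme
    if len(m["digest"]) != digest_len:
        return False, "%s digest must be %d characters, got %d" % (
            name, digest_len, len(m["digest"]))
    if len(m["salt"]) > max_salt:
        return False, "%s salt is longer than %d characters" % (name, max_salt)
    if name != required:
        return False, "%s is not the required %s" % (name, required)
    return True, name


if __name__ == "__main__":
    # Sample values are the strings quoted in the question and answer above.
    samples = [
        "$69LxCegsnIwI",
        "$1$SomeSalt$UqddPX3r4kH3UL5jq5/ZI.",
        "$6$rounds=656000$BthPsosdEpqOM7Qd$l/ln9nyEfxM67ea8Bvb79JoW50pGjf6iM87"
        "taIvfSmpjasE4/wBG1.60pFS6W992T7Q1q2wikMbxYUvMHD1tT1",
    ]
    for s in samples:
        print(check_crypt_hash(s), s[:24])
```

Running it on the controller before committing a playbook catches a hash produced by a crypt() that silently fell back to DES, which is the failure described in the question.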