Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Managing a user password for linux in puppet

Tags:

linux

puppet

I need to create a test user with a password using puppet.

I've read that puppet cannot manage user passwords in a generic cross-platform way, which is a pity. I am doing this for Red Hat Enterprise Linux Server release 6.3.

I do as follows:

user { 'test_user':    ensure   => present,   password => sha1('hello'), }

puppet updates the password of the user, but Linux says login/pwd incorrect when I try to log in.

It works (I can login) if I set the password manually in Linux with sudo passwd test_user, and then look at /etc/shadow and hardcode that value in puppet. something like:

user { 'test_user':    ensure   => present,   password => '$1$zi13KdCr$zJvdWm5h552P8b34AjxO11', }

I've tried also by adding $1$ in front of the sha1('hello'), but it does not work either (note, $1$ stands for sha1).

How to modify the first example to make it work (using the plaintext password in the puppet file)?

P.S.: I am aware that I should use LDAP, or sshkeys, or something else, instead of hardcoding the user passwords in the puppet file. however, I am doing this only for running a puppet vagrant test, so it is ok to hardcode the user password.

like image 276
David Portabella Avatar asked Oct 01 '13 10:10

David Portabella

People also ask

Where is Linux user password stored?

In older Linux systems, user information, including passwords and usernames, are kept in a system file called /etc/passwd. This plaintext database is used to keep track of every user on the Linux system.

What is the default password for user in Linux?

To answer the literal question: no, there is no default password. Usually by default an account will have an "invalid" password, that is, a password hash that will not be matched by any password at all.

2 Answers

Linux users have their passwords stored as hash in /etc/shadow file. Puppet passes the password supplied in the user type definition in the /etc/shadow file.

Generate your hash password using openssl command:

 #openssl passwd -1    #Enter your password here   Password:   Verifying - Password:   $1$HTQUGYUGYUGwsxQxCp3F/nGc4DCYM

The previous example generate this hash: $1$HTQUGYUGYUGwsxQxCp3F/nGc4DCYM/

Add this hash password to your class as shown (do not forget the quotes)

user { 'test_user':    ensure   => present,   password => '$1$HTQUGYUGYUGwsxQxCp3F/nGc4DCYM/', }
like image 57
Avinash Singh Avatar answered Oct 05 '22 13:10

Avinash Singh

The stdlib package of puppetlabs implements a similar pw_hash function of the accepted answer.

Be sure to add the library to your configuration. If you use librarian, just add in your Puppetfile

mod 'puppetlabs-stdlib'

Then to create an user, simply :

user { 'user':   ensure => present,   password => pw_hash('password', 'SHA-512', 'mysalt'), }
like image 39
mperrin Avatar answered Oct 05 '22 15:10

mperrin
Sign in to Comment

Related questions

npm update broke npm
bzero() & bcopy() versus memset() & memcpy()
Upload file on Linux (CLI) to Dropbox (via bash/sh)?
GROUP BY/SUM from shell
Git merge branch of another remote
/usr/bin/ld: cannot find -llapack
Programming on samsung chromebook [closed]
How does sig_atomic_t actually work?
What parts of Linux kernel can I read for fun? [closed]
UID of script "/home/...../public_html/index.php" is smaller than min_uid
adb push/pull with progress bar
Why doesn't perf report cache misses?
gensim error : no module named gensim
Launch XDebug in Netbeans on an external request
ftell on a file descriptor?
Saving awk output to variable [duplicate]
Linux/Unix man page syntax conventions
Linux command line howto accept pairing for bluetooth device without pin
Get mtime of specific file using Bash?
Output file lines from last to first in Bash

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!