I need to create a test user with a password using puppet.
I've read that puppet cannot manage user passwords in a generic cross-platform way, which is a pity. I am doing this for Red Hat Enterprise Linux Server release 6.3.
I do as follows:
    user { 'test_user':
      ensure   => present,
      password => sha1('hello'),
    }
puppet updates the password of the user, but Linux says login/pwd incorrect when I try to log in.
It works (I can log in) if I set the password manually in Linux with sudo passwd test_user, and then look at /etc/shadow and hardcode that value in puppet. Something like:
    user { 'test_user':
      ensure   => present,
      password => '$1$zi13KdCr$zJvdWm5h552P8b34AjxO11',
    }
I've also tried adding $1$ in front of the sha1('hello'), but it does not work either (note, $1$ stands for sha1).
How to modify the first example to make it work (using the plaintext password in the puppet file)?
P.S.: I am aware that I should use LDAP, or SSH keys, or something else, instead of hardcoding the user passwords in the puppet file. However, I am doing this only for running a puppet vagrant test, so it is OK to hardcode the user password.
In older Linux systems, user information, including passwords and usernames, is kept in a system file called /etc/passwd. This plaintext database is used to keep track of every user on the Linux system.
To answer the literal question: no, there is no default password. Usually by default an account will have an "invalid" password, that is, a password hash that will not be matched by any password at all.
Linux users have their passwords stored as a hash in the /etc/shadow file. Puppet passes the password supplied in the user type definition into the /etc/shadow file.
Generate your password hash using the openssl command:

    # openssl passwd -1
    # Enter your password here
    Password:
    Verifying - Password:
    $1$HTQUGYUGYUGwsxQxCp3F/nGc4DCYM
The previous example generates this hash: $1$HTQUGYUGYUGwsxQxCp3F/nGc4DCYM/
Add this password hash to your class as shown (do not forget the quotes):

    user { 'test_user':
      ensure   => present,
      password => '$1$HTQUGYUGYUGwsxQxCp3F/nGc4DCYM/',
    }
The stdlib package of puppetlabs implements a pw_hash function similar to that of the accepted answer.
Be sure to add the library to your configuration. If you use librarian, just add in your Puppetfile
mod 'puppetlabs-stdlib'
Then, to create a user, simply:
    user { 'user':
      ensure   => present,
      password => pw_hash('password', 'SHA-512', 'mysalt'),
    }
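As an added example (not part of the original question or answers): Puppet writes the password value verbatim into /etc/shadow, so a small Python lint can check that a value is a well-formed crypt(3) string before it goes into a manifest. The function name check_shadow_hash is hypothetical, the field lengths are those of glibc's MD5, SHA-256 and SHA-512 crypt schemes, and the salt alphabet check is a conservative assumption.

```python
import hashlib
import re

# crypt(3) schemes glibc accepts in /etc/shadow: id -> (name, max salt length, hash length)
SCHEMES = {
    "1": ("MD5-crypt", 8, 22),
    "5": ("SHA-256-crypt", 16, 43),
    "6": ("SHA-512-crypt", 16, 86),
}
B64 = re.compile(r"[./0-9A-Za-z]+")  # crypt's own base64 alphabet


def check_shadow_hash(value):
    """Return (ok, detail) for a string destined for the shadow password field."""
    if not value.startswith("$"):
        return False, "no $id$ prefix: raw digest, plaintext or lock marker"
    parts = value.split("$")[1:]  # drop the empty piece before the first '$'
    scheme = SCHEMES.get(parts[0])
    if scheme is None:
        return False, "unknown scheme id %r" % parts[0]
    name, max_salt, hash_len = scheme
    if len(parts) == 4 and parts[0] in ("5", "6") and parts[1].startswith("rounds="):
        del parts[1]  # optional rounds=N field of the SHA schemes
    if len(parts) != 3:
        return False, "%s needs $id$salt$hash, got %d field(s)" % (name, len(parts))
    salt, digest = parts[1], parts[2]
    if len(salt) > max_salt or not B64.fullmatch(salt):
        return False, "%s salt must be 1-%d chars of [./0-9A-Za-z]" % (name, max_salt)
    if len(digest) != hash_len or not B64.fullmatch(digest):
        return False, "%s hash must be %d chars of [./0-9A-Za-z]" % (name, hash_len)
    return True, name


if __name__ == "__main__":
    # Values taken from the question: the output of sha1('hello'), the same
    # digest with "$1$" glued in front, and the string copied from /etc/shadow.
    digest = hashlib.sha1(b"hello").hexdigest()
    for candidate in (digest, "$1$" + digest, "$1$zi13KdCr$zJvdWm5h552P8b34AjxO11"):
        print(candidate, "->", check_shadow_hash(candidate))
```

Only the third value passes: a bare SHA-1 hex digest has no scheme id or salt, and prefixing it with $1$ still leaves it without the salt and hash fields that login compares against.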