
Managing a user password for linux in puppet

Tags: linux, puppet

I need to create a test user with a password using puppet.

I've read that puppet cannot manage user passwords in a generic cross-platform way, which is a pity. I am doing this for Red Hat Enterprise Linux Server release 6.3.

I do as follows:

user { 'test_user':
  ensure   => present,
  password => sha1('hello'),
}

Puppet updates the password of the user, but Linux says login/pwd incorrect when I try to log in.

It works (I can log in) if I set the password manually in Linux with sudo passwd test_user, and then look at /etc/shadow and hardcode that value in puppet. Something like:

user { 'test_user':
  ensure   => present,
  password => '$1$zi13KdCr$zJvdWm5h552P8b34AjxO11',
}

I've also tried adding $1$ in front of the sha1('hello'), but it does not work either (note, $1$ stands for sha1).

How can I modify the first example to make it work (using the plaintext password in the puppet file)?

P.S.: I am aware that I should use LDAP, or SSH keys, or something else, instead of hardcoding the user passwords in the puppet file. However, I am doing this only for running a puppet vagrant test, so it is ok to hardcode the user password.

David Portabella asked Oct 01 '13 10:10




2 Answers

Linux users have their passwords stored as a hash in the /etc/shadow file. Puppet passes the password supplied in the user type definition into the /etc/shadow file.

Generate your hashed password using the openssl command:

#openssl passwd -1
#Enter your password here
Password:
Verifying - Password:
$1$HTQUGYUGYUGwsxQxCp3F/nGc4DCYM

The previous example generates this hash: $1$HTQUGYUGYUGwsxQxCp3F/nGc4DCYM/

Add this hashed password to your class as shown (do not forget the quotes):

user { 'test_user':
  ensure   => present,
  password => '$1$HTQUGYUGYUGwsxQxCp3F/nGc4DCYM/',
}

Avinash Singh answered Oct 05 '22 13:10


The stdlib package of puppetlabs implements a pw_hash function similar to that of the accepted answer.

Be sure to add the library to your configuration. If you use librarian, just add this to your Puppetfile:

mod 'puppetlabs-stdlib' 

Then to create a user, simply:

user { 'user':
  ensure   => present,
  password => pw_hash('password', 'SHA-512', 'mysalt'),
}

mperrin answered Oct 05 '22 15:10
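An added example, not part of the question or of either answer: a checker for the value Puppet writes into the /etc/shadow password field, which has to be a crypt(3) string of the form $id$salt$hash for a login to succeed. It is run over the values from the question and a constructed string with the shape pw_hash(..., 'SHA-512', 'mysalt') produces. The function name, the samples list and the restriction to scheme ids 1, 5 and 6 are assumptions of this example.

```python
import hashlib
import re

# crypt(3) scheme id -> (name, encoded hash length, max salt length).
# Assumption: only the glibc ids $1$, $5$ and $6$ are covered.
SCHEMES = {
    "1": ("MD5-crypt", 22, 8),
    "5": ("SHA-256-crypt", 43, 16),
    "6": ("SHA-512-crypt", 86, 16),
}
B64 = re.compile(r"[./0-9A-Za-z]+")              # crypt's base64 alphabet
HEX_DIGEST = re.compile(r"[0-9a-fA-F]{32,128}")  # MD5/SHA-1/SHA-2 hex output


def classify_shadow_field(value):
    """Return (usable_for_login, description) for a shadow password field."""
    if not value or value[0] in "!*":
        return False, "locked or no valid password"
    if HEX_DIGEST.fullmatch(value):
        return False, "raw hex digest, not crypt(3) format"
    if not value.startswith("$"):
        return False, "unrecognised format"
    parts = value.split("$")[1:]                 # drop the empty piece before the first '$'
    if parts[0] not in SCHEMES:
        return False, "unknown scheme id %r" % parts[0]
    name, hash_len, max_salt = SCHEMES[parts[0]]
    if len(parts) > 1 and parts[1].startswith("rounds="):
        parts.pop(1)                             # optional rounds=N field of the SHA schemes
    if len(parts) != 3:
        return False, name + " prefix but salt or hash field missing"
    salt, digest = parts[1], parts[2]
    if not (len(salt) <= max_salt and B64.fullmatch(salt)):
        return False, name + " with invalid salt"
    if len(digest) != hash_len or not B64.fullmatch(digest):
        return False, name + " with malformed hash"
    return True, name


SHA1_HELLO = hashlib.sha1(b"hello").hexdigest()  # hex string, as Puppet's sha1('hello') returns
SAMPLES = [
    SHA1_HELLO,                                  # first manifest in the question
    "$1$" + SHA1_HELLO,                          # second attempt in the question
    "$1$zi13KdCr$zJvdWm5h552P8b34AjxO11",        # value the asker copied from /etc/shadow
    "$6$mysalt$" + "A" * 86,                     # constructed: correct shape only, not a real hash
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify_shadow_field(sample), sample)
```

The check is purely syntactic: it shows whether a value can be a login hash at all, not which password it corresponds to.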