I'm now looking at the user module and struggling with the use of encrypted
passwords...
Not that we can't store encrypted passwords, just the way that Linux and
AIX store encrypted passwords are different.
Running 'openssl passwd -salt saltsalt -1 password' gives me the following
string
$1$saltsalt$qjXMvbEw8oaL.CzflDtaK/
Linux will use this string as it stands as the encrypted password, AIX uses
a slightly different format for MD5 passwords
{smd5}saltsalt$qjXMvbEw8oaL.CzflDtaK/
Given that I have a mix of AIX and Linux hosts to deal with what would be a
better way of dealing with the creation of local accounts for the system
administrators?
1) Modify the user module to accept Linux format encrpyted passwords and
then change them to the appropriate AIX format (this could work for $1$,
$2a$, $5$ and $6$)
2) Store the passwords and salts without the headers and add the
appropriate header using variables (I'm thinking something like {{
os_password_header }}{{ headerless_password }}. This would assume a single
password hash type for all passwords)
3) Store passwords in their native formats for each OS (becomes much
bulkier in the variables files but will work)
Personally I like 2) for simplicity (No changes to Ansible required), but
can see a minor advantage to 1). 3) seems to be the least elegant method.
What are other peoples thoughts?
Adam
p.s. wait until I start trying to get this to work on our few Solaris,
HP-UX and I5-OS servers... particularly the latter.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
