User module doesn't set a password by default, so it will create a user without one :)
On Monday, April 21, 2014 4:15:17 PM UTC+2, Adam Morris wrote: > > I would have to check whether this would create an account with an empty > password hash (bad) or an invalid password hash (good). > > Either way it is either dangerous or useless as is. My personal preference > would be to create a user account for yourself (avoid a role account) give > it a password, distribute an authorized key and require a password for > sudo. This is marginally less convenient in that you need to provide a > password but aids auditing and allows for multiple admins to run ansible as > themselves. > > Adam > On Apr 21, 2014 7:03 AM, "Strahinja Kustudić" > <[email protected]<javascript:>> > wrote: > >> As Adam mentioned, don't just copy this playbook, it is just an example >> and it is missing either setting a password, or an authorized_keys file for >> the ansible user. >> >> I would also like to mention that having a user without a password which >> can run commands as root without typing a password is harmless. If a user >> that doesn't have a password, no one can log in like that user. >> >> On Monday, April 21, 2014 3:50:42 PM UTC+2, Adam Morris wrote: >>> >>> Yes... but please don't just copy that playbook. >>> >>> That gives you a passwordless user that can run commands as root without >>> a password. The user module can take a password hash, and authorized keys >>> can also be set up. >>> >>> Adam >>> >>> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "Ansible Project" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/ansible-project/rpzQhE66ex0/unsubscribe >> . >> To unsubscribe from this group and all its topics, send an email to >> [email protected] <javascript:>. >> To post to this group, send email to [email protected]<javascript:> >> . >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/9549dfee-9998-40f8-8cf1-7f14a80270cb%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/9549dfee-9998-40f8-8cf1-7f14a80270cb%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/7bd2676d-e313-40fa-aa80-da1545083a93%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
