On Wed, May 23, 2018 at 8:24 AM, Werner Flamme <werner.fla...@ufz.de> wrote: > shaolon...@hotmail.com [23.05.2018 13:24]: >> Hello everybody, >> >> I am using Ansible user module to create Aix machine account. I found >> that the new created user can't login Aix machine. >> >> The below is my some test step; >> 1. Generate a crypted password by ansible provided method. The >> cleartext password is "123456" >> http://docs.ansible.com/ansible/faq.html#how-do-i-generate-crypted-passwords-for-the-user-module >> 2. Use below command to create a new Aix user successful. >> ansible 192.168.2.*** -m "user" -a "state=present name=ray >> password=$6$PbSwE6eWakaP9VSl$GjZhuR5.6ICTM6K/.91gss2iYbhJoLU1B51XXqxCMIcVi17IMAegxlcfWNfWkuYkldRuKJLw9xjTp/F4.hFYq0" >> 3. Login Aix machine with the new user failed. The reason is error >> password. >> >> If we get a crypted password by Aix from /etc/security/passwd, replace the >> above password that was crypted by ansible doc with the new crypted >> password. We can login Aix with new account. >> >> So, the issue reason should be Aix machine can't accept the cryted password >> that is generated by referring Ansible doc. >> How can we generate a correctly password for Aix machine? Thank a lot. > > Currently, you use the SHA512 algorithm to create a password, this is > recognized by $6$ at the beginning of the string. > > When you create a user manually, how does the password string look like? > > $1$ -> crypt; $2$, $2a$, $2y$ -> blowfish; $5$ -> sha256, $6$ -> sha512 > > Maybe your AIX does not support sha512 passwords, so you must look at > the hashing that is possible. If you create a user locally and the > password starts with $2y$, you have to create the ansible password with > blowfish algorithm instead of sha512. > I always assume the OS will use the strongest encryption on the root pw, which is why I was suggesting to look again at /etc/security/passwd. Then try whatever it used for root.
> HTH, Werner > > -- > > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ansible-project+unsubscr...@googlegroups.com. > To post to this group, send email to ansible-project@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/8c35cc62-c417-e1e3-ac49-d1f6841e1fe7%40ufz.de. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAHEKYV4%2B1QQ%3DgqbKwYLFzAQQDQ_QRePs0s4185Twg7Fs%3DoZ90Q%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
