#1186: if not using shadowed passwords then password will be set on every run
---------------------------------+------------------------------------------
Reporter: micah | Owner: community
Type: defect | Status: new
Priority: normal | Component: library
Version: 0.24.4 | Severity: normal
Keywords: password shadow User | Stage: Unreviewed
Patch: None | Complexity: Unknown
---------------------------------+------------------------------------------
I have a node that sets the password for users on every run, and thus I
see this:
{{{
Apr 10 08:48:35 secondary puppetd[17418]:
(//Node[secondary]/Account[jessie]/User[jessie]/password) defined
'password' as
'$1$xxxxxxxxxxxxxxxxxxxxxxxx'
Apr 10 08:48:35 secondary usermod[18097]: change user `jessie' password
}}}
(password was replaced by xxxxxxxx}
I've got a component setup to manage users, it looks like this:
{{{
define account ( $homeroot="/home", $shell="/bin/bash", $uid, $gid,
$ingroups = [ "adm", "users", "dialout" ], $password, $fullname=$name,
$ensure=present )
{
group { $name:
name => $name,
gid => $gid,
ensure => present,
allowdupe => false
}
user { $name:
uid => $uid,
gid => $name,
comment => $name,
home => "${homeroot}/$name",
shell => $shell,
ensure => $ensure,
groups => $ingroups,
password => $password,
allowdupe => false,
require => Group[$name]
}
file { "${homeroot}/$name":
ensure => directory,
owner => $name, group => $name, mode => 750,
require => User[$name]
}
}}}
Then I am doing the following:
{{{
account {
"jessie": uid => 1005, gid => 1011, password =>
'$1$xxxxxxxxxxxxxxxxxxxxxxxx';
}
}}}
This behavior is only witnessed on those machines that do not have
shadowed passwords enabled. This is an optional setting in Debian, and can
be changed by running:
{{{
# dpkg-reconfigure passwd
}}}
and then answering yes/no to the question about enabling shadowed
passwords.
I want shadowed passwords enabled, so the fact that this happened made me
find out that they were not enabled on these machines and I've changed
them and now I don't get the password being set on every run as before.
However it seems possible that others may want shadow passwords disabled
and may run into this problem, so I figured it was best to report it for
those wondering what is going on.
--
Ticket URL: <http://reductivelabs.com/trac/puppet/ticket/1186>
puppet <http://reductivelabs.com>
Puppet - Portable System Automation
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en
-~----------~----~----~----~------~----~------~--~---
