Issue #7500 has been updated by Chris van der Wel.
Actually there are two issues, not only the password expiry date is set to the
past, but also the password is not set. The patch above fixes the first issue
with the expiry date, but the password is still not set when a new user is
created. When I run puppet agent again, the password is correctly updated.
I used the following manifest:
user{'testuser':
uid => 9999,
gid => 'testgroup',
password => 'encryptedpasswordstring',
}
The command which is executed is:
debug: User[testuser](provider=pw): Executing '/usr/sbin/pw useradd
testuser -p encryptedpasswordstring -u 9999 -g testgroup'
Then this user entry is created:
testuser:*:9999:9999::1317333600:0:User &:/home/testuser:/bin/sh
But it should be:
testuser:encryptedpasswordstring:9999:9999::0:0:User
&:/home/testuser:/bin/sh
So the pw command should be executed also with the -H parameter like when a
password is updated.
----------------------------------------
Bug #7500: Don't let pw provider use -p
https://projects.puppetlabs.com/issues/7500
Author: Douglas Rand
Status: Investigating
Priority: Normal
Assignee: Ben Hughes
Category: FreeBSD
Target version:
Affected Puppet version: 2.6.7
Keywords: freebsd pw password
Branch:
The -p option to pw is documented as:
<pre>
-p date Set the account's password expiration date. This field is
similar to the account expiration date option, except that
it applies to forced password changes. This is set in the
same manner as the -e option.
</pre>
But provider/user/pw.rb takes the first character of each property as
the option to pw (through provider/nameservice/objectadd.rb I think).
The problem is that that sets the password as expiring now().
Here is a patch to ignore the password property, which is already
handled via cryptpw in pw.rb:
<pre>
--- pw.rb-orig 2011-05-12 16:47:24.000000000 -0500
+++ pw.rb 2011-05-12 16:47:16.000000000 -0500
@@ -24,7 +24,7 @@
def addcmd
cmd = [command(:pw), "useradd", @resource[:name]]
@resource.class.validproperties.each do |property|
- next if property == :ensure
+ next if property == :ensure or property == :password
# the value needs to be quoted, mostly because -c might
# have spaces in it
if value = @resource.should(property) and value != ""
</pre>
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://projects.puppetlabs.com/my/account
--
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en.
