Issue #13955 has been updated by Gary Larizza.
Yeah, so re-implementing the should method requires doing it for the password property of the user type, which is bad. I think the solution here is to document this and only use lower-case letters in the password hash on 10.7. You CAN use upper-case letters, but it's going to refresh every time (and the password will actually work just fine). The function in stdlib to build hashes outputs lowercase letters, and Apple itself will output a hash with lowercase letters, so we're gonna stick with that :) ---------------------------------------- Bug #13955: applying the same user resource triggers a "changed password" notice every time https://projects.puppetlabs.com/issues/13955#change-61134 Author: Clay Caviness Status: Investigating Priority: Normal Assignee: Gary Larizza Category: Target version: Affected Puppet version: Keywords: Branch: On a Mac OS X 10.7.3 machine running puppet 2.7.12, applying the exact same user resource triggers a "changed password" notice on every run. Here's some sample output with a test user and a throwaway hash (password 'b'): <pre> $ sudo puppet apply user { 'testuser': ensure => 'present', comment => 'testuser', home => '/Users/testuser', password => 'B5B66261296695D4A530BD3E1FA59524B5AABE534015FD2838F11B89ABE33A3DBF1A9AE8C84BF56CE7CAC52A5E485047F6426AE2090FE1DF093FBEC9E411731983F2C95E', shell => '/bin/bash', uid => '1000', } notice: /Stage[main]//User[testuser]/ensure: created notice: Finished catalog run in 4.88 seconds $ sudo puppet apply user { 'testuser': ensure => 'present', comment => 'testuser', home => '/Users/testuser', password => 'B5B66261296695D4A530BD3E1FA59524B5AABE534015FD2838F11B89ABE33A3DBF1A9AE8C84BF56CE7CAC52A5E485047F6426AE2090FE1DF093FBEC9E411731983F2C95E', shell => '/bin/bash', uid => '1000', } notice: /Stage[main]//User[testuser]/password: changed password notice: Finished catalog run in 0.60 seconds </pre> I've attached full output of `sudo ruby --debug /usr/bin/puppet apply --color no --trace --debug`. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
