Issue #13026 has been updated by Sean Millichamp.
I thought about this overnight and I'd like to suggest that while it would be nice to be able to set a hash for a Windows password that maybe the Puppet-y problem that should be solved here is more general. There are surely other instances of passwords or other key material that people are (or would like to) use Puppet for. Maybe there needs to be some per-type/per-parameter way in the code of marking it as a "secret" value and then the Puppetmaster will take the additional step of encrypting/obfuscating the password (something more sophisticated than a ROT13 or a Base64 encode, of course) and the Puppet agent will undo it, but anything reported or written to disk for that field will contain the masked/encrypted/obfuscated value. Perhaps the existing establish SSL keypairs could be used by the Puppetmasters to encrypt to the clients in the values of these secret fields. Anyone using an interface such as dashboard simply for reporting purposes would presumably not have (easy) access to that key material. Just a thought. ---------------------------------------- Feature #13026: Manage user passwords on Windows without passing clear-text passwords in manifests/catalogs/reports https://projects.puppetlabs.com/issues/13026#change-61614 Author: Nigel Kersten Status: Investigating Priority: Normal Assignee: Category: windows Target version: Affected Puppet version: Keywords: windows user password Branch: We don't currently know how to do this. With the user resource type on Windows, the only ability we have to manage passwords for local users is to pass a clear-text password in the manifests, which will show up in catalogs and reports. Unlike our other supported operating systems, we have no ability to just manage the hash of the password on Windows, and have not found any APIs which allow us to do so. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
