So I've been doing some work on the directoryservice nameservice provider, which we haven't been using for user resources on the Mac for various reasons that I'm hoping to address.
One thing struck me, which is that it's undesirable to have the same attribute "password" to manage hashes and cleartext passwords in puppet manifests. (the docs at http://reductivelabs.com/trac/puppet/wiki/TypeReference#id222 could do with some updating once I'm sure which providers use clear text and which use a hash for the password) so if I have it right, these providers can manage passwords netinfo: clear text directoryservice: clear text ldap: clear text useradd: hash user_role_add: hash With the refactoring I'm working on for the directoryservice provider, we could easily have the choice of *either* a hash or a clear text password, and I imagine we could do the same thing with some of the other providers. Anyway, comments? Am I the only one bothered by this? I think I see three main options: a) Make the password attribute hash only, create another attribute for clear text b) Make the password attribute clear only, create another attribute for hashes c) Leave the attribute alone for legacy reasons, create two new attributes for the hash and clear text password types. a) is possibly problematic for ldap ? b) isn't feasible for all providers c) is kind of ugly but perhaps more explicit. -- Nigel Kersten Systems Administrator Tech Lead - MacOps --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en -~----------~----~----~----~------~----~------~--~---
