Olivier.
here is what the password part of our user resources looks like.
The actual command is just a wrapper around finding the crypt and
returning something appropriate.
password => generate('/site/bin/getups', '-u', "$name"),
Make sure the script you are calling with generate returns a shadow
entry without a trailing newline. I would also make sure the script
never returns an empty string or any OS specific values that would
create a shell account without a password.
As jeff mentioned you'll run into some permissions problems so
you'll need to either have an independent process dumping user/hashes
to file readable by the puppet user or allow puppet to read the shadow
file via sudo or something.
HTH
On Jan 29, 8:20 pm, Aaron Grewell <[email protected]> wrote:
> Since it's the shell redirection that Puppet seems not to like, why not
> wrap the commands in a shell script and use generate on that?
> On Jan 29, 2012 6:18 PM, "Olivier" <[email protected]> wrote:
>
>
>
>
>
>
>
> > and then lookup the hash in the /etc/shadow file
> > > or use the mkpasswd utility (with which I am not familiar)
>
> > > Once you have the hashed value of your desired clear text password
> > > you can copy&paste that in the user definition.
>
> > > -Stefan
>
> > your answer is just the text of my original question. So the question
> > still stands: how do I get the hashed value from /etc/shadow?
>
> > Here is the background of my problem. I have 40 puppet clients and one
> > master. The password of each user expires after 90 days. Instead of
> > changing their password manually on 40 different servers by logging
> > into each server,each user will have to change his/her password on the
> > puppet server only and Puppet will replicate the hash value on each
> > puppet client. Obviously I will never know the user's password and am
> > not interested in replicating the root password. NIS and LDAP are not
> > an option.
>
> > Thank you.
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Puppet Users" group.
> > To post to this group, send email to [email protected].
> > To unsubscribe from this group, send email to
> > [email protected].
> > For more options, visit this group at
> >http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
