[Puppet Users] Re: Creating Users and Hashing it's password.
password => sha1('your password') On Thursday, June 9, 2011 at 12:38:36 AM UTC+5:30, vella1tj wrote: > > Hi everyone I would like to first of all say thanks to anyone willing > to help me. > > I was tasked with creating a Admin account using puppet to push to all > of our Macs that we have deployed around the Campus. > > user {'sysop': > #uid => 500, > #groups => 'admin', > comment=> 'Sysop', > ensure=> present, > home => '/home/sysop', > shell => '/bin/bash', > managehome => true, > password=> 'Haven't figured out the best way to > hash > a password and put it in here., > } > > That's what I have so far, I don't believe I understand how Hash works > completely. The way I understand it is it will have a hash in the > password field and it will compare it to other hashes to match what > the password would be. So what I was hoping to get help on (or > anything i've done wrong or you would recommend me doing different) is > how do i set a resource for the hash do i put it in my files directory > and then point it to there is there anything special I have to do > so puppet understands that it's hash. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/7c04c981-9fdb-42a8-9114-60f47897e762%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Creating Users and Hashing it's password.
You could also use the built in sha1 function to let puppet generate the hashed version for you. Like this: user {'sysop': #uid = 500, #groups = 'admin', comment= 'Sysop', ensure= present, home = '/home/sysop', shell = '/bin/bash', managehome = true, password= sha1('plaintextpasswordhere'), } On Wednesday, June 8, 2011 9:08:36 PM UTC+2, vella1tj wrote: Hi everyone I would like to first of all say thanks to anyone willing to help me. I was tasked with creating a Admin account using puppet to push to all of our Macs that we have deployed around the Campus. user {'sysop': #uid = 500, #groups = 'admin', comment= 'Sysop', ensure= present, home = '/home/sysop', shell = '/bin/bash', managehome = true, password= 'Haven't figured out the best way to hash a password and put it in here., } That's what I have so far, I don't believe I understand how Hash works completely. The way I understand it is it will have a hash in the password field and it will compare it to other hashes to match what the password would be. So what I was hoping to get help on (or anything i've done wrong or you would recommend me doing different) is how do i set a resource for the hash do i put it in my files directory and then point it to there is there anything special I have to do so puppet understands that it's hash. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Creating Users and Hashing it's password.
On Sun, Jun 12, 2011 at 10:42 AM, Alexandre Martani amart...@gmail.comwrote: On Ubuntu/Debian, you can generate the hash using: mkpasswd -m sha-512 I don't know if it works on Mac, but the output of it looks like the same as the examples posted on this topic, so I think it should work. Mac OS X has a more complex password hash with required zero padding that is rather annoying. user { 'demo': ensure = 'present', comment = 'demo', gid = '20', home = '/Users/demo', password = 'E2FA8B0FC98C9C3D20C346F59145BAF0BBF2352709CF', shell= '/bin/bash', uid = '502', } Told you it was annoying :) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Creating Users and Hashing it's password.
Yep, I figured it out thanks to you guys. Now it's just getting that darn home folder to get created:) Again thanks for the replies you guys are awesome. On Jun 13, 9:56 am, Nigel Kersten ni...@puppetlabs.com wrote: On Sun, Jun 12, 2011 at 10:42 AM, Alexandre Martani amart...@gmail.comwrote: On Ubuntu/Debian, you can generate the hash using: mkpasswd -m sha-512 I don't know if it works on Mac, but the output of it looks like the same as the examples posted on this topic, so I think it should work. Mac OS X has a more complex password hash with required zero padding that is rather annoying. user { 'demo': ensure = 'present', comment = 'demo', gid = '20', home = '/Users/demo', password = '00 000 000E2FA8B0FC98C9C3D20C346F59145BAF0BBF2352709CF 000 000 000 000 000 000 000 000 000 000 000 000 000 0', shell = '/bin/bash', uid = '502', } Told you it was annoying :) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Creating Users and Hashing it's password.
On Ubuntu/Debian, you can generate the hash using: mkpasswd -m sha-512 I don't know if it works on Mac, but the output of it looks like the same as the examples posted on this topic, so I think it should work.* * -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/xhepExgRm0AJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Creating Users and Hashing it's password.
Thank you all for the quick responses I really do appreciate it, you guys are awesome!!! On Jun 8, 5:38 pm, Nigel Kersten ni...@puppetlabs.com wrote: On Wed, Jun 8, 2011 at 2:38 PM, Nigel Kersten ni...@puppetlabs.com wrote: On Wed, Jun 8, 2011 at 2:11 PM, Denmat tu2bg...@gmail.com wrote: Hi, If your password hash has any $ in it the ... will puppet make try to expand it. You need password = '$1$effggfdg' (single quotes). I like using puppet resource for this. Set the password for an account, and use puppet resource to generate the manifest, removing the attributes you don't want to manage. I forgot to show the actual command: $ puppet resource user nigel user { 'nigel': ensure = 'present', comment = 'nigel,,,', gid = '1000', groups = ['dialout', 'cdrom', 'floppy', 'audio', 'video', 'plugdev'], home = '/home/nigel', password = '$6$fPUohVXH$bYZY38RJIKKUK9fF6U/taOZfOwFdRoBnRkZOV71lGIWVMj96nOwWOAMp5EGbfJ UjbrnHP/EvszbRkZgWYRkL3.', password_max_age = '9', password_min_age = '0', shell = '/bin/bash', uid = '1000', } That's a test account. The password is trivial enough that you can probably crack it :) cheers, Den On 09/06/2011, at 5:18, vella1tj vella...@gmail.com wrote: so If I changed it to user {'sysop': #uid = 500, #groups = 'admin', comment = 'Sysop', ensure = present, home = '/home/sysop', shell = '/bin/bash', managehome = true, password = Hash } Hash being the hash from /etc/shadow that would be all I needed? On Jun 8, 3:12 pm, Nathan Clemons nat...@livemocha.com wrote: What I do is set the password on one host, and then copy the hash out of /etc/shadow into the Puppet definition to be set on the other hosts. By default the Puppet providers expect that the password field will be hashed as used on the system, not plaintext. -- Nathan Clemonshttp://www.livemocha.com The worlds largest online language learning community On Wed, Jun 8, 2011 at 12:08 PM, vella1tj vella...@gmail.com wrote: Hi everyone I would like to first of all say thanks to anyone willing to help me. I was tasked with creating a Admin account using puppet to push to all of our Macs that we have deployed around the Campus. user {'sysop': #uid = 500, #groups = 'admin', comment = 'Sysop', ensure = present, home = '/home/sysop', shell = '/bin/bash', managehome = true, password = 'Haven't figured out the best way to hash a password and put it in here., } That's what I have so far, I don't believe I understand how Hash works completely. The way I understand it is it will have a hash in the password field and it will compare it to other hashes to match what the password would be. So what I was hoping to get help on (or anything i've done wrong or you would recommend me doing different) is how do i set a resource for the hash do i put it in my files directory and then point it to there is there anything special I have to do so puppet understands that it's hash. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Nigel Kersten Product, Puppet Labs @nigelkersten -- Nigel Kersten Product, Puppet Labs @nigelkersten -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To
[Puppet Users] Re: Creating Users and Hashing it's password.
so If I changed it to user {'sysop': #uid = 500, #groups = 'admin', comment= 'Sysop', ensure= present, home = '/home/sysop', shell = '/bin/bash', managehome = true, password= Hash } Hash being the hash from /etc/shadow that would be all I needed? On Jun 8, 3:12 pm, Nathan Clemons nat...@livemocha.com wrote: What I do is set the password on one host, and then copy the hash out of /etc/shadow into the Puppet definition to be set on the other hosts. By default the Puppet providers expect that the password field will be hashed as used on the system, not plaintext. -- Nathan Clemonshttp://www.livemocha.com The worlds largest online language learning community On Wed, Jun 8, 2011 at 12:08 PM, vella1tj vella...@gmail.com wrote: Hi everyone I would like to first of all say thanks to anyone willing to help me. I was tasked with creating a Admin account using puppet to push to all of our Macs that we have deployed around the Campus. user {'sysop': #uid = 500, #groups = 'admin', comment = 'Sysop', ensure = present, home = '/home/sysop', shell = '/bin/bash', managehome = true, password = 'Haven't figured out the best way to hash a password and put it in here., } That's what I have so far, I don't believe I understand how Hash works completely. The way I understand it is it will have a hash in the password field and it will compare it to other hashes to match what the password would be. So what I was hoping to get help on (or anything i've done wrong or you would recommend me doing different) is how do i set a resource for the hash do i put it in my files directory and then point it to there is there anything special I have to do so puppet understands that it's hash. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Creating Users and Hashing it's password.
Hi, If your password hash has any $ in it the ... will puppet make try to expand it. You need password = '$1$effggfdg' (single quotes). cheers, Den On 09/06/2011, at 5:18, vella1tj vella...@gmail.com wrote: so If I changed it to user {'sysop': #uid = 500, #groups = 'admin', comment= 'Sysop', ensure= present, home = '/home/sysop', shell = '/bin/bash', managehome = true, password= Hash } Hash being the hash from /etc/shadow that would be all I needed? On Jun 8, 3:12 pm, Nathan Clemons nat...@livemocha.com wrote: What I do is set the password on one host, and then copy the hash out of /etc/shadow into the Puppet definition to be set on the other hosts. By default the Puppet providers expect that the password field will be hashed as used on the system, not plaintext. -- Nathan Clemonshttp://www.livemocha.com The worlds largest online language learning community On Wed, Jun 8, 2011 at 12:08 PM, vella1tj vella...@gmail.com wrote: Hi everyone I would like to first of all say thanks to anyone willing to help me. I was tasked with creating a Admin account using puppet to push to all of our Macs that we have deployed around the Campus. user {'sysop': #uid = 500, #groups = 'admin', comment= 'Sysop', ensure= present, home = '/home/sysop', shell = '/bin/bash', managehome = true, password= 'Haven't figured out the best way to hash a password and put it in here., } That's what I have so far, I don't believe I understand how Hash works completely. The way I understand it is it will have a hash in the password field and it will compare it to other hashes to match what the password would be. So what I was hoping to get help on (or anything i've done wrong or you would recommend me doing different) is how do i set a resource for the hash do i put it in my files directory and then point it to there is there anything special I have to do so puppet understands that it's hash. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Creating Users and Hashing it's password.
On Wed, Jun 8, 2011 at 2:11 PM, Denmat tu2bg...@gmail.com wrote: Hi, If your password hash has any $ in it the ... will puppet make try to expand it. You need password = '$1$effggfdg' (single quotes). I like using puppet resource for this. Set the password for an account, and use puppet resource to generate the manifest, removing the attributes you don't want to manage. user { 'nigel': ensure = 'present', comment = 'nigel,,,', gid = '1000', groups = ['dialout', 'cdrom', 'floppy', 'audio', 'video', 'plugdev'], home = '/home/nigel', password = '$6$fPUohVXH$bYZY38RJIKKUK9fF6U/taOZfOwFdRoBnRkZOV71lGIWVMj96nOwWOAMp5EGbfJUjbrnHP/EvszbRkZgWYRkL3.', password_max_age = '9', password_min_age = '0', shell= '/bin/bash', uid = '1000', } That's a test account. The password is trivial enough that you can probably crack it :) cheers, Den On 09/06/2011, at 5:18, vella1tj vella...@gmail.com wrote: so If I changed it to user {'sysop': #uid = 500, #groups = 'admin', comment= 'Sysop', ensure= present, home = '/home/sysop', shell = '/bin/bash', managehome = true, password= Hash } Hash being the hash from /etc/shadow that would be all I needed? On Jun 8, 3:12 pm, Nathan Clemons nat...@livemocha.com wrote: What I do is set the password on one host, and then copy the hash out of /etc/shadow into the Puppet definition to be set on the other hosts. By default the Puppet providers expect that the password field will be hashed as used on the system, not plaintext. -- Nathan Clemonshttp://www.livemocha.com The worlds largest online language learning community On Wed, Jun 8, 2011 at 12:08 PM, vella1tj vella...@gmail.com wrote: Hi everyone I would like to first of all say thanks to anyone willing to help me. I was tasked with creating a Admin account using puppet to push to all of our Macs that we have deployed around the Campus. user {'sysop': #uid = 500, #groups = 'admin', comment= 'Sysop', ensure= present, home = '/home/sysop', shell = '/bin/bash', managehome = true, password= 'Haven't figured out the best way to hash a password and put it in here., } That's what I have so far, I don't believe I understand how Hash works completely. The way I understand it is it will have a hash in the password field and it will compare it to other hashes to match what the password would be. So what I was hoping to get help on (or anything i've done wrong or you would recommend me doing different) is how do i set a resource for the hash do i put it in my files directory and then point it to there is there anything special I have to do so puppet understands that it's hash. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Nigel Kersten Product, Puppet Labs @nigelkersten -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Creating Users and Hashing it's password.
On Wed, Jun 8, 2011 at 2:38 PM, Nigel Kersten ni...@puppetlabs.com wrote: On Wed, Jun 8, 2011 at 2:11 PM, Denmat tu2bg...@gmail.com wrote: Hi, If your password hash has any $ in it the ... will puppet make try to expand it. You need password = '$1$effggfdg' (single quotes). I like using puppet resource for this. Set the password for an account, and use puppet resource to generate the manifest, removing the attributes you don't want to manage. I forgot to show the actual command: $ puppet resource user nigel user { 'nigel': ensure = 'present', comment = 'nigel,,,', gid = '1000', groups = ['dialout', 'cdrom', 'floppy', 'audio', 'video', 'plugdev'], home = '/home/nigel', password = '$6$fPUohVXH$bYZY38RJIKKUK9fF6U/taOZfOwFdRoBnRkZOV71lGIWVMj96nOwWOAMp5EGbfJUjbrnHP/EvszbRkZgWYRkL3.', password_max_age = '9', password_min_age = '0', shell= '/bin/bash', uid = '1000', } That's a test account. The password is trivial enough that you can probably crack it :) cheers, Den On 09/06/2011, at 5:18, vella1tj vella...@gmail.com wrote: so If I changed it to user {'sysop': #uid = 500, #groups = 'admin', comment= 'Sysop', ensure= present, home = '/home/sysop', shell = '/bin/bash', managehome = true, password= Hash } Hash being the hash from /etc/shadow that would be all I needed? On Jun 8, 3:12 pm, Nathan Clemons nat...@livemocha.com wrote: What I do is set the password on one host, and then copy the hash out of /etc/shadow into the Puppet definition to be set on the other hosts. By default the Puppet providers expect that the password field will be hashed as used on the system, not plaintext. -- Nathan Clemonshttp://www.livemocha.com The worlds largest online language learning community On Wed, Jun 8, 2011 at 12:08 PM, vella1tj vella...@gmail.com wrote: Hi everyone I would like to first of all say thanks to anyone willing to help me. I was tasked with creating a Admin account using puppet to push to all of our Macs that we have deployed around the Campus. user {'sysop': #uid = 500, #groups = 'admin', comment= 'Sysop', ensure= present, home = '/home/sysop', shell = '/bin/bash', managehome = true, password= 'Haven't figured out the best way to hash a password and put it in here., } That's what I have so far, I don't believe I understand how Hash works completely. The way I understand it is it will have a hash in the password field and it will compare it to other hashes to match what the password would be. So what I was hoping to get help on (or anything i've done wrong or you would recommend me doing different) is how do i set a resource for the hash do i put it in my files directory and then point it to there is there anything special I have to do so puppet understands that it's hash. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Nigel Kersten Product, Puppet Labs @nigelkersten -- Nigel Kersten Product, Puppet Labs @nigelkersten -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.