Issue #12833 has been updated by bruce lysik.
Ben Ford wrote:
My client this week will be hit by this when we try to manage users tomorrow.
I'm going to attempt to backport this tonight
Can you submit this back port? Would love to have this fixed in 2.7.x
Issue #12833 has been updated by Jeff McCune.
bruce lysik wrote:
Ben Ford wrote:
My client this week will be hit by this when we try to manage users
tomorrow. I'm going to attempt to backport this tonight
Can you submit this back port? Would love to have this fixed in 2.7.x
Issue #12833 has been updated by Clay Caviness.
We're not on 3.x yet because our puppetmasters aren't there yet (and they're
not there yet because it's a big change and we need to be very careful), and
there's no backwards compatibility for 3.x clients and 2.7.x servers.
But it's a really
Issue #12833 has been updated by Ben Ford.
My client this week will be hit by this when we try to manage users tomorrow.
I'm going to attempt to backport this tonight
Bug #12833: Password property for User type is broke in OS X 10.8
Issue #12833 has been updated by Matthaus Owens.
Released in Puppet 3.0.2-rc1
Bug #12833: Password property for User type is broke in OS X 10.8
https://projects.puppetlabs.com/issues/12833#change-78096
Author: Gary Larizza
Status: Merged - Pending
Issue #12833 has been updated by Jeff McCune.
# Updated
The second part of this fix captured in
https://github.com/puppetlabs/puppet/pull/1306 has been merged into 3.0.x as
the change set encompassed by merge commit 76779bc.
-Jeff
Bug #12833:
Issue #12833 has been updated by Gary Larizza.
Branch changed from https://github.com/puppetlabs/puppet/pull/1266 to
https://github.com/puppetlabs/puppet/pull/1306
Clay found an edge-case wherein a 10.6-style user that existed on a 10.8
machine, who had NEVER logged into the machine after it
Issue #12833 has been updated by Gary Larizza.
Thanks for catching that, Josh. I've never worked with provider features, but
I pushed up some code according to what I saw in the user type. It's here --
https://github.com/glarizza/puppet-1/commit/87ac6e4ac66e444d476a4a15d3eb8bed709fcd48
Issue #12833 has been updated by eric sorenson.
Target version changed from 3.x to 3.0.2
I got another confirmation from questy on IRC today that this fixed problems
running on Mountain Lion.
Bug #12833: Password property for User type is broke in OS X
Issue #12833 has been updated by Jeff McCune.
Branch changed from
https://github.com/glarizza/puppet-1/tree/bug/master/12833_user_refactor to
https://github.com/puppetlabs/puppet/pull/1266
Bug #12833: Password property for User type is broke in OS X
Issue #12833 has been updated by Jeff McCune.
# Request for comment
This bug fix will be released with Puppet 3.0.2.
Merged into master as 960ab6b and 3.0.x as 94e2032. There are two commits
because I had to rebase 3.0.x after a non-fast-forward conflict occured in
3.0.x and not master.
Issue #12833 has been updated by David Schargel.
Fixes at https://github.com/puppetlabs/puppet/pull/1266/files worked for me
under Mountain Lion OS X 10.8.2 with rbenv ruby 1.9.3-p327 and gems facter
(1.6.14), hiera (1.1.1), and puppet (3.0.1). Thanks!
Issue #12833 has been updated by Gary Larizza.
Branch changed from
https://github.com/glarizza/puppet-1/tree/feature/osx_dscl_providers/optimization
to https://github.com/glarizza/puppet-1/tree/bug/master/12833_user_refactor
I've pushed up my changes, re-added the old group provider and
Issue #12833 has been updated by Clay Caviness.
File puppet-3-ds-error.txt added
I just grabbed a .zip of that branch and installed the pkg it created. I'm
seeing issues, though, creating users when specifying a numeric gid. Also,
changes to an existing user may not apply, as it's using `dscl
Issue #12833 has been updated by Gary Larizza.
Thanks Clay,
I made a simple fix:
pre
- if (attribute == :gid) and (not(value =~ /^[-0-9]+$/))
+ if (attribute == :gid) and value.class == 'Fixnum'
/pre
I forgot that the gid value gets munged as a Fixnum if it's specified as an
Issue #12833 has been updated by Clay Caviness.
Seems to fix it. I'll back-port to 2.7.19 (our servers are still on 2.7.x) and
do some more tests, but looking good!
Bug #12833: Password property for User type is broke in OS X 10.8
Issue #12833 has been updated by Cory Logan.
Sorry if I'm asking this question on the wrong place. I have the same issue,
and noticed that the the updates to puppet aren't available in the apt repo
version of puppet that I have installed (3.0.1). Just wondering how I would
patch my copy of
Issue #12833 has been updated by Clay Caviness.
Any updates on this, Gary?
Bug #12833: Password property for User type is broke in OS X 10.8
https://projects.puppetlabs.com/issues/12833#change-71643
Author: Gary Larizza
Status: In Topic Branch Pending
Issue #12833 has been updated by Gary Larizza.
This branch has been working for me --
https://github.com/glarizza/puppet-1/tree/feature/osx_dscl_providers/optimization
but I've yet to write all the tests for it, so I haven't yet submitted it to
be merged.
Issue #12833 has been updated by Clay Caviness.
Great, I'll give that a try and let you know - thanks.
Bug #12833: Password property for User type is broke in OS X 10.8
https://projects.puppetlabs.com/issues/12833#change-71645
Author: Gary Larizza
Issue #12833 has been updated by Clay Caviness.
I patched that in to 2.7.18 (not ready for 3.x yet) and it does seem to work! I
can get a list of group resources, and i'm able to read/change password hashes
for users. I'm going to deploy this to our unstable group and will let you know
if
Issue #12833 has been updated by Gary Larizza.
Awesome! DO NOTE that it doesn't address any group providers (yet) - it's a
total refactor for the user provider. I'm assuming that groups will fall-back
to the provider in lib/puppet/provider/nameservice/directoryservice.rb, and
that should
Issue #12833 has been updated by Nate Walck.
I recently started testing Puppet 2.7.19/Facter 1.6.11 on a OS X 10.8.1 Server
VM. While getting a very basic setup going, I ran into the following issues:
* When running 'puppetmasterd --mkusers' I got the following error:
`sh-3.2# puppetmasterd
Issue #12833 has been updated by Clay Caviness.
I'm seeing this with your full patch (puppet 3.x) as well:
pre
$ sudo puppet resource group --debug --trace
Debug: Failed to load library 'ldap' for feature 'ldap'
Debug: Puppet::Type::Group::ProviderLdap: true value when expecting false
Debug:
Issue #12833 has been updated by Gary Larizza.
Yep, I neglected to take into account that the directoryservice provider also
handles group behavior. I've closed the pull request for now and am putting
the work into a total rewrite of the user/group provider on OS X
Issue #12833 has been updated by Clay Caviness.
Does this work for groups? I'm just testing this by patching against 2.7.18 -
I'll do a test with the full pull tomorrow - but this seems to be unhappy about
groups:
pre
$ sudo puppet resource group --debug --trace
debug: Failed to load library
Issue #12833 has been updated by Gary Larizza.
Okay, made the changes to my topic branch --
https://github.com/glarizza/puppet-1/tree/bug/master/12833_OSX_PBKDF2_UPDATE
and this code should allow you to take an upgraded user in 10.8 and replace its
password with a 10.8-style PBKDF2 Password.
Issue #12833 has been updated by Gary Larizza.
Target version set to 3.x
Changes have been committed, tests are updated, and I added tests to account
for the update scenarios. Everything is in my topic branches and I've filed a
Pull Requst at -- https://github.com/puppetlabs/puppet/pull/981
Issue #12833 has been updated by Dustin Mitchell.
Sorry, someone else will need to test upgrading - I don't have any facility for
doing that.
Bug #12833: Password property for User type is broke in OS X 10.8
Issue #12833 has been updated by Dustin Mitchell.
Ah, I stumbled across a case where I do need to do upgrades - a root user.
Even with your changes, I'm getting undefined method `string=' for nil:NilClass
at
def self.set_salted_sha512_pbkdf2(resource_name, field, value,
Issue #12833 has been updated by Gary Larizza.
So here are my thoughts:
I used 'converted_hash_plist' to store the binary plist that you get from the
'ShadowHashData' key out of the User's plist (of course, it's converted to a
native hash when I shuttle it around). The TRUE determination of
Issue #12833 has been updated by Dustin Mitchell.
That's exactly what I would suggest, so have at it.
It will be helpful for me if you can push new commits on top of the existing,
rather than squashing. It makes it easier to see what's changed for review
purposes, and a selfish reason: I'm
Issue #12833 has been updated by Dustin Mitchell.
I'll give this a try. We're waiting on this functionality too
(https://bugzilla.mozilla.org/show_bug.cgi?id=776641)
Bug #12833: Password property for User type is broke in OS X 10.8
Issue #12833 has been updated by Gary Larizza.
I think the biggest worry is going to be on UPGRADED users from a 10.7 - 10.8
or a 10.6 - 10.8 upgrade (since Apple doesn't actually CHANGE the hash until
the user changes their password). I'm keen on having people test this
functionality to
Issue #12833 has been updated by Gary Larizza.
@dustin - do you have a link to a Puppet ticket for the other OS X
functionality you're waiting to be repaired? Is there a UID issue with 10.8,
or just OS X in general, that's causing you issues?
Bug
Issue #12833 has been updated by Dustin Mitchell.
So, one problem (found while trying to figure out what I should pass for a
password):
bash-3.2# puppet resource user cltbld
/Library/Ruby/Site/1.8/puppet/provider/nameservice/directoryservice.rb:434:in
`get_salted_sha512_pbkdf2':
Issue #12833 has been updated by Dustin Mitchell.
OK, results!
bash-3.2# cat user.pp
user {
'testuser2':
shell = /bin/bash,
comment = test123,
password = '8c..c0',
salt = '04634d9271358c574d1fef08ba494fd4973b9cff8f383415208d22c7c69a026e',
iterations = 26178;
Issue #12833 has been updated by Dustin Mitchell.
This seems to fix the ensuring problems:
diff --git a/modules/users/lib/puppet/type/darwinuser.rb
b/modules/users/lib/puppet/type/darwinuser.rb
index 4f7a2dd..feefbf9 100755
--- a/modules/users/lib/puppet/type/darwinuser.rb
+++
Issue #12833 has been updated by Dustin Mitchell.
Wow, sorry, redmine made a hash of that! This is adding a munge for the
'iterations' property to turn it into an integer.
Bug #12833: Password property for User type is broke in OS X 10.8
Issue #12833 has been updated by Gary Larizza.
This makes sense, yes. Let me merge that in and test it out.
Also, re: your cltbld user - is that a user that existed in 10.7 that was
recently upgraded to 10.8? I'm assuming it's had the old-style hash and THAT'S
why we're getting a Nil
Issue #12833 has been updated by Clay Caviness.
File testuser.plist added
This doesn't work with 10.7-style users, which would exist on an upgraded
machine.
pre
$ sudo puppet resource user --debug --trace
[...]
Debug: Executing '/usr/bin/dscl -plist . -list /Users'
Debug: Executing
Issue #12833 has been updated by Gary Larizza.
I just force-pushed some new code to my branch here --
https://github.com/glarizza/puppet-1/tree/bug/master/12833_OSX_PBKDF2_UPDATE
Please give this a try and see if it can read a password hash for an upgraded
user?
The next thing to focus on
Issue #12833 has been updated by Gary Larizza.
Private changed from Yes to No
Bug #12833: Password property for User type is broke in OS X 10.8
https://projects.puppetlabs.com/issues/12833#change-67630
Author: Gary Larizza
Status: In Topic Branch
Issue #12833 has been updated by Gary Larizza.
Description updated
Bug #12833: Password property for User type is broke in OS X 10.8
https://projects.puppetlabs.com/issues/12833#change-67632
Author: Gary Larizza
Status: In Topic Branch Pending Review
Issue #12833 has been updated by Gary Larizza.
Keywords changed from password user mac mountain lion os x NDA to password user
mac mountain lion os x
Cleaned up this ticket as the NDA expires with the release of 10.8. We need to
re-visit this and see if we can't get it merged.
Issue #12833 has been updated by Clay Caviness.
Yes, please. I'll help any way I can.
Bug #12833: Password property for User type is broke in OS X 10.8
https://projects.puppetlabs.com/issues/12833#change-67634
Author: Gary Larizza
Status: In Topic
Issue #12833 has been updated by Gary Larizza.
Branch changed from
https://github.com/glarizza/puppet-1/tree/bug/master/12833_OS_X_PBKDF2 to
https://github.com/glarizza/puppet-1/tree/bug/master/12833_OSX_PBKDF2_UPDATE
Clay, I updated my branch here --
Issue #12833 has been updated by Gary Larizza.
Affected Puppet version changed from 2.7.11 to 3.0.0rc3
Bug #12833: Password property for User type is broke in OS X 10.8
https://projects.puppetlabs.com/issues/12833#change-67636
Author: Gary Larizza
Issue #12833 has been updated by Gary Larizza.
Okay, so I actually committed the tests, ran them, and things are passing for
me. Check it out on 10.8 and let me know if this works.
Bug #12833: Password property for User type is broke in OS X 10.8
Issue #12833 has been updated by Zach Leslie.
Private changed from Yes to No
Bug #12833: Password property for User type is broke in OS X 10.8
https://projects.puppetlabs.com/issues/12833#change-61140
Author: Gary Larizza
Status: In Topic Branch
50 matches
Mail list logo
