Puppet users - Jun 2011 - Creating Users and Hashing it's password.

Hi everyone I would like to first of all say thanks to anyone willing
to help me.

I was tasked with creating a Admin account using puppet to push to all
of our Macs that we have deployed around the Campus.

user {''sysop'':
      	    #uid                   => 500,
 	    #groups              => ''admin'',
                comment        => ''Sysop'',
                ensure            => present,
                home              => ''/home/sysop'',
                shell               => ''/bin/bash'',
	    managehome      => true,
	    password            => ''Haven''t figured out the best
way to hash
a password and put it in here.,
	}

That''s what I have so far, I don''t believe I understand how
Hash works
completely. The way I understand it is it will have a hash in the
password field and it will compare it to other hashes to match what
the password would be. So what I was hoping to get help on (or
anything i''ve done wrong or you would recommend me doing different) is
how do i set a resource for the hash do i put it in my files directory
and then point it to there.... is there anything special I have to do
so puppet understands that it''s hash.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

What I do is set the password on one host, and then copy the hash out of
/etc/shadow into the Puppet definition to be set on the other hosts.

By default the Puppet providers expect that the password field will be
hashed as used on the system, not plaintext.

--
Nathan Clemons
http://www.livemocha.com
The worlds largest online language learning community



On Wed, Jun 8, 2011 at 12:08 PM, vella1tj <vella1tj@gmail.com> wrote:
> Hi everyone I would like to first of all say thanks to anyone willing
> to help me.
>
> I was tasked with creating a Admin account using puppet to push to all
> of our Macs that we have deployed around the Campus.
>
> user {''sysop'':
>            #uid                   => 500,
>            #groups              => ''admin'',
>                comment        => ''Sysop'',
>                ensure            => present,
>                home              => ''/home/sysop'',
>                shell               => ''/bin/bash'',
>            managehome      => true,
>            password            => ''Haven''t figured out
the best way to hash
> a password and put it in here.,
>        }
>
> That''s what I have so far, I don''t believe I understand
how Hash works
> completely. The way I understand it is it will have a hash in the
> password field and it will compare it to other hashes to match what
> the password would be. So what I was hoping to get help on (or
> anything i''ve done wrong or you would recommend me doing
different) is
> how do i set a resource for the hash do i put it in my files directory
> and then point it to there.... is there anything special I have to do
> so puppet understands that it''s hash.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

so If I changed it to
user {''sysop'':
            #uid                   => 500,
            #groups              => ''admin'',
                comment        => ''Sysop'',
                ensure            => present,
                home              => ''/home/sysop'',
                shell               => ''/bin/bash'',
            managehome      => true,
            password            => "Hash"
}

Hash being the hash from /etc/shadow that would be all I needed?



On Jun 8, 3:12 pm, Nathan Clemons <nat...@livemocha.com>
wrote:
> What I do is set the password on one host, and then copy the hash out of
> /etc/shadow into the Puppet definition to be set on the other hosts.
>
> By default the Puppet providers expect that the password field will be
> hashed as used on the system, not plaintext.
>
> --
> Nathan Clemonshttp://www.livemocha.com
> The worlds largest online language learning community
>
>
>
>
>
>
>
> On Wed, Jun 8, 2011 at 12:08 PM, vella1tj <vella...@gmail.com> wrote:
> > Hi everyone I would like to first of all say thanks to anyone willing
> > to help me.
>
> > I was tasked with creating a Admin account using puppet to push to all
> > of our Macs that we have deployed around the Campus.
>
> > user {''sysop'':
> >            #uid                   => 500,
> >            #groups              => ''admin'',
> >                comment        => ''Sysop'',
> >                ensure            => present,
> >                home              =>
''/home/sysop'',
> >                shell               =>
''/bin/bash'',
> >            managehome      => true,
> >            password            => ''Haven''t
figured out the best way to hash
> > a password and put it in here.,
> >        }
>
> > That''s what I have so far, I don''t believe I
understand how Hash works
> > completely. The way I understand it is it will have a hash in the
> > password field and it will compare it to other hashes to match what
> > the password would be. So what I was hoping to get help on (or
> > anything i''ve done wrong or you would recommend me doing
different) is
> > how do i set a resource for the hash do i put it in my files directory
> > and then point it to there.... is there anything special I have to do
> > so puppet understands that it''s hash.
>
> > --
> > You received this message because you are subscribed to the Google
Groups
> > "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> > puppet-users+unsubscribe@googlegroups.com.
> > For more options, visit this group at
> >http://groups.google.com/group/puppet-users?hl=en.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hi,

If your password hash has any $ in it the "..." will puppet make try
to expand it.

You need password => ''$1$effggfdg....'' (single quotes).

cheers,
Den
On 09/06/2011, at 5:18, vella1tj <vella1tj@gmail.com> wrote:
> so If I changed it to
> user {''sysop'':
>            #uid                   => 500,
>            #groups              => ''admin'',
>                comment        => ''Sysop'',
>                ensure            => present,
>                home              => ''/home/sysop'',
>                shell               => ''/bin/bash'',
>            managehome      => true,
>            password            => "Hash"
> }
> 
> Hash being the hash from /etc/shadow that would be all I needed?
> 
> 
> 
> On Jun 8, 3:12 pm, Nathan Clemons <nat...@livemocha.com> wrote:
>> What I do is set the password on one host, and then copy the hash out
of
>> /etc/shadow into the Puppet definition to be set on the other hosts.
>> 
>> By default the Puppet providers expect that the password field will be
>> hashed as used on the system, not plaintext.
>> 
>> --
>> Nathan Clemonshttp://www.livemocha.com
>> The worlds largest online language learning community
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> On Wed, Jun 8, 2011 at 12:08 PM, vella1tj <vella...@gmail.com>
wrote:
>>> Hi everyone I would like to first of all say thanks to anyone
willing
>>> to help me.
>> 
>>> I was tasked with creating a Admin account using puppet to push to
all
>>> of our Macs that we have deployed around the Campus.
>> 
>>> user {''sysop'':
>>>            #uid                   => 500,
>>>            #groups              => ''admin'',
>>>                comment        => ''Sysop'',
>>>                ensure            => present,
>>>                home              =>
''/home/sysop'',
>>>                shell               =>
''/bin/bash'',
>>>            managehome      => true,
>>>            password            => ''Haven''t
figured out the best way to hash
>>> a password and put it in here.,
>>>        }
>> 
>>> That''s what I have so far, I don''t believe I
understand how Hash works
>>> completely. The way I understand it is it will have a hash in the
>>> password field and it will compare it to other hashes to match what
>>> the password would be. So what I was hoping to get help on (or
>>> anything i''ve done wrong or you would recommend me doing
different) is
>>> how do i set a resource for the hash do i put it in my files
directory
>>> and then point it to there.... is there anything special I have to
do
>>> so puppet understands that it''s hash.
>> 
>>> --
>>> You received this message because you are subscribed to the Google
Groups
>>> "Puppet Users" group.
>>> To post to this group, send email to puppet-users@googlegroups.com.
>>> To unsubscribe from this group, send email to
>>> puppet-users+unsubscribe@googlegroups.com.
>>> For more options, visit this group at
>>> http://groups.google.com/group/puppet-users?hl=en.
> 
> -- 
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
> 
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Wed, Jun 8, 2011 at 2:11 PM, Denmat <tu2bgone@gmail.com> wrote:
> Hi,
>
> If your password hash has any $ in it the "..." will puppet make
try to
> expand it.
>
> You need password => ''$1$effggfdg....'' (single
quotes).
>
I like using puppet resource for this.

Set the password for an account, and use puppet resource to generate the
manifest, removing the attributes you don''t want to manage.

user { ''nigel'':
  ensure           => ''present'',
  comment          => ''nigel,,,'',
  gid              => ''1000'',
  groups           => [''dialout'',
''cdrom'', ''floppy'',
''audio'', ''video'',
''plugdev''],
  home             => ''/home/nigel'',
  password         =>
''$6$fPUohVXH$bYZY38RJIKKUK9fF6U/taOZfOwFdRoBnRkZOV71lGIWVMj96nOwWOAMp5EGbfJUjbrnHP/EvszbRkZgWYRkL3.'',
  password_max_age => ''99999'',
  password_min_age => ''0'',
  shell            => ''/bin/bash'',
  uid              => ''1000'',
}

That''s a test account. The password is trivial enough that you can
probably
crack it :)




> cheers,
> Den
> On 09/06/2011, at 5:18, vella1tj <vella1tj@gmail.com> wrote:
>
> > so If I changed it to
> > user {''sysop'':
> >            #uid                   => 500,
> >            #groups              => ''admin'',
> >                comment        => ''Sysop'',
> >                ensure            => present,
> >                home              =>
''/home/sysop'',
> >                shell               =>
''/bin/bash'',
> >            managehome      => true,
> >            password            => "Hash"
> > }
> >
> > Hash being the hash from /etc/shadow that would be all I needed?
> >
> >
> >
> > On Jun 8, 3:12 pm, Nathan Clemons <nat...@livemocha.com> wrote:
> >> What I do is set the password on one host, and then copy the hash
out of
> >> /etc/shadow into the Puppet definition to be set on the other
hosts.
> >>
> >> By default the Puppet providers expect that the password field
will be
> >> hashed as used on the system, not plaintext.
> >>
> >> --
> >> Nathan Clemonshttp://www.livemocha.com
> >> The worlds largest online language learning community
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> On Wed, Jun 8, 2011 at 12:08 PM, vella1tj
<vella...@gmail.com> wrote:
> >>> Hi everyone I would like to first of all say thanks to anyone
willing
> >>> to help me.
> >>
> >>> I was tasked with creating a Admin account using puppet to
push to all
> >>> of our Macs that we have deployed around the Campus.
> >>
> >>> user {''sysop'':
> >>>            #uid                   => 500,
> >>>            #groups              =>
''admin'',
> >>>                comment        => ''Sysop'',
> >>>                ensure            => present,
> >>>                home              =>
''/home/sysop'',
> >>>                shell               =>
''/bin/bash'',
> >>>            managehome      => true,
> >>>            password            =>
''Haven''t figured out the best way to
> hash
> >>> a password and put it in here.,
> >>>        }
> >>
> >>> That''s what I have so far, I don''t believe I
understand how Hash works
> >>> completely. The way I understand it is it will have a hash in
the
> >>> password field and it will compare it to other hashes to match
what
> >>> the password would be. So what I was hoping to get help on (or
> >>> anything i''ve done wrong or you would recommend me
doing different) is
> >>> how do i set a resource for the hash do i put it in my files
directory
> >>> and then point it to there.... is there anything special I
have to do
> >>> so puppet understands that it''s hash.
> >>
> >>> --
> >>> You received this message because you are subscribed to the
Google
> Groups
> >>> "Puppet Users" group.
> >>> To post to this group, send email to
puppet-users@googlegroups.com.
> >>> To unsubscribe from this group, send email to
> >>> puppet-users+unsubscribe@googlegroups.com.
> >>> For more options, visit this group at
> >>> http://groups.google.com/group/puppet-users?hl=en.
> >
> > --
> > You received this message because you are subscribed to the Google
Groups
> "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> > For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
> >
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
Nigel Kersten
Product, Puppet Labs
@nigelkersten

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Wed, Jun 8, 2011 at 2:38 PM, Nigel Kersten <nigel@puppetlabs.com>
wrote:
>
>
> On Wed, Jun 8, 2011 at 2:11 PM, Denmat <tu2bgone@gmail.com> wrote:
>
>> Hi,
>>
>> If your password hash has any $ in it the "..." will puppet
make try to
>> expand it.
>>
>> You need password => ''$1$effggfdg....'' (single
quotes).
>>
>
> I like using puppet resource for this.
>
> Set the password for an account, and use puppet resource to generate the
> manifest, removing the attributes you don''t want to manage.
>
I forgot to show the actual command:

$ puppet resource user nigel

>
> user { ''nigel'':
>   ensure           => ''present'',
>   comment          => ''nigel,,,'',
>   gid              => ''1000'',
>   groups           => [''dialout'',
''cdrom'', ''floppy'',
''audio'', ''video'',
> ''plugdev''],
>   home             => ''/home/nigel'',
>   password         =>
>
''$6$fPUohVXH$bYZY38RJIKKUK9fF6U/taOZfOwFdRoBnRkZOV71lGIWVMj96nOwWOAMp5EGbfJUjbrnHP/EvszbRkZgWYRkL3.'',
>   password_max_age => ''99999'',
>   password_min_age => ''0'',
>   shell            => ''/bin/bash'',
>   uid              => ''1000'',
> }
>
> That''s a test account. The password is trivial enough that you can
probably
> crack it :)
>
>
>
>
>
>> cheers,
>> Den
>> On 09/06/2011, at 5:18, vella1tj <vella1tj@gmail.com> wrote:
>>
>> > so If I changed it to
>> > user {''sysop'':
>> >            #uid                   => 500,
>> >            #groups              => ''admin'',
>> >                comment        => ''Sysop'',
>> >                ensure            => present,
>> >                home              =>
''/home/sysop'',
>> >                shell               =>
''/bin/bash'',
>> >            managehome      => true,
>> >            password            => "Hash"
>> > }
>> >
>> > Hash being the hash from /etc/shadow that would be all I needed?
>> >
>> >
>> >
>> > On Jun 8, 3:12 pm, Nathan Clemons <nat...@livemocha.com>
wrote:
>> >> What I do is set the password on one host, and then copy the
hash out
>> of
>> >> /etc/shadow into the Puppet definition to be set on the other
hosts.
>> >>
>> >> By default the Puppet providers expect that the password field
will be
>> >> hashed as used on the system, not plaintext.
>> >>
>> >> --
>> >> Nathan Clemonshttp://www.livemocha.com
>> >> The worlds largest online language learning community
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> On Wed, Jun 8, 2011 at 12:08 PM, vella1tj
<vella...@gmail.com> wrote:
>> >>> Hi everyone I would like to first of all say thanks to
anyone willing
>> >>> to help me.
>> >>
>> >>> I was tasked with creating a Admin account using puppet to
push to all
>> >>> of our Macs that we have deployed around the Campus.
>> >>
>> >>> user {''sysop'':
>> >>>            #uid                   => 500,
>> >>>            #groups              =>
''admin'',
>> >>>                comment        =>
''Sysop'',
>> >>>                ensure            => present,
>> >>>                home              =>
''/home/sysop'',
>> >>>                shell               =>
''/bin/bash'',
>> >>>            managehome      => true,
>> >>>            password            =>
''Haven''t figured out the best way to
>> hash
>> >>> a password and put it in here.,
>> >>>        }
>> >>
>> >>> That''s what I have so far, I don''t
believe I understand how Hash works
>> >>> completely. The way I understand it is it will have a hash
in the
>> >>> password field and it will compare it to other hashes to
match what
>> >>> the password would be. So what I was hoping to get help on
(or
>> >>> anything i''ve done wrong or you would recommend
me doing different) is
>> >>> how do i set a resource for the hash do i put it in my
files directory
>> >>> and then point it to there.... is there anything special I
have to do
>> >>> so puppet understands that it''s hash.
>> >>
>> >>> --
>> >>> You received this message because you are subscribed to
the Google
>> Groups
>> >>> "Puppet Users" group.
>> >>> To post to this group, send email to
puppet-users@googlegroups.com.
>> >>> To unsubscribe from this group, send email to
>> >>> puppet-users+unsubscribe@googlegroups.com.
>> >>> For more options, visit this group at
>> >>> http://groups.google.com/group/puppet-users?hl=en.
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> Groups "Puppet Users" group.
>> > To post to this group, send email to
puppet-users@googlegroups.com.
>> > To unsubscribe from this group, send email to
>> puppet-users+unsubscribe@googlegroups.com.
>> > For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>> >
>>
>> --
>> You received this message because you are subscribed to the Google
Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscribe@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>>
>
>
> --
> Nigel Kersten
> Product, Puppet Labs
> @nigelkersten
>
>

-- 
Nigel Kersten
Product, Puppet Labs
@nigelkersten

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Thank you all for the quick responses I really do appreciate it, you
guys are awesome!!!

On Jun 8, 5:38 pm, Nigel Kersten <ni...@puppetlabs.com>
wrote:
> On Wed, Jun 8, 2011 at 2:38 PM, Nigel Kersten <ni...@puppetlabs.com>
wrote:
>
> > On Wed, Jun 8, 2011 at 2:11 PM, Denmat <tu2bg...@gmail.com>
wrote:
>
> >> Hi,
>
> >> If your password hash has any $ in it the "..." will
puppet make try to
> >> expand it.
>
> >> You need password => ''$1$effggfdg....''
(single quotes).
>
> > I like using puppet resource for this.
>
> > Set the password for an account, and use puppet resource to generate
the
> > manifest, removing the attributes you don''t want to manage.
>
> I forgot to show the actual command:
>
> $ puppet resource user nigel
>
>
>
>
>
>
>
>
>
>
>
> > user { ''nigel'':
> >   ensure           => ''present'',
> >   comment          => ''nigel,,,'',
> >   gid              => ''1000'',
> >   groups           => [''dialout'',
''cdrom'', ''floppy'',
''audio'', ''video'',
> > ''plugdev''],
> >   home             => ''/home/nigel'',
> >   password         =>
> >
''$6$fPUohVXH$bYZY38RJIKKUK9fF6U/taOZfOwFdRoBnRkZOV71lGIWVMj96nOwWOAMp5EGbfJ
UjbrnHP/EvszbRkZgWYRkL3.'',
> >   password_max_age => ''99999'',
> >   password_min_age => ''0'',
> >   shell            => ''/bin/bash'',
> >   uid              => ''1000'',
> > }
>
> > That''s a test account. The password is trivial enough that
you can probably
> > crack it :)
>
> >> cheers,
> >> Den
> >> On 09/06/2011, at 5:18, vella1tj <vella...@gmail.com> wrote:
>
> >> > so If I changed it to
> >> > user {''sysop'':
> >> >            #uid                   => 500,
> >> >            #groups              =>
''admin'',
> >> >                comment        =>
''Sysop'',
> >> >                ensure            => present,
> >> >                home              =>
''/home/sysop'',
> >> >                shell               =>
''/bin/bash'',
> >> >            managehome      => true,
> >> >            password            => "Hash"
> >> > }
>
> >> > Hash being the hash from /etc/shadow that would be all I
needed?
>
> >> > On Jun 8, 3:12 pm, Nathan Clemons
<nat...@livemocha.com> wrote:
> >> >> What I do is set the password on one host, and then copy
the hash out
> >> of
> >> >> /etc/shadow into the Puppet definition to be set on the
other hosts.
>
> >> >> By default the Puppet providers expect that the password
field will be
> >> >> hashed as used on the system, not plaintext.
>
> >> >> --
> >> >> Nathan Clemonshttp://www.livemocha.com
> >> >> The worlds largest online language learning community
>
> >> >> On Wed, Jun 8, 2011 at 12:08 PM, vella1tj
<vella...@gmail.com> wrote:
> >> >>> Hi everyone I would like to first of all say thanks
to anyone willing
> >> >>> to help me.
>
> >> >>> I was tasked with creating a Admin account using
puppet to push to all
> >> >>> of our Macs that we have deployed around the Campus.
>
> >> >>> user {''sysop'':
> >> >>>            #uid                   => 500,
> >> >>>            #groups              =>
''admin'',
> >> >>>                comment        =>
''Sysop'',
> >> >>>                ensure            => present,
> >> >>>                home              =>
''/home/sysop'',
> >> >>>                shell               =>
''/bin/bash'',
> >> >>>            managehome      => true,
> >> >>>            password            =>
''Haven''t figured out the best way to
> >> hash
> >> >>> a password and put it in here.,
> >> >>>        }
>
> >> >>> That''s what I have so far, I don''t
believe I understand how Hash works
> >> >>> completely. The way I understand it is it will have a
hash in the
> >> >>> password field and it will compare it to other hashes
to match what
> >> >>> the password would be. So what I was hoping to get
help on (or
> >> >>> anything i''ve done wrong or you would
recommend me doing different) is
> >> >>> how do i set a resource for the hash do i put it in
my files directory
> >> >>> and then point it to there.... is there anything
special I have to do
> >> >>> so puppet understands that it''s hash.
>
> >> >>> --
> >> >>> You received this message because you are subscribed
to the Google
> >> Groups
> >> >>> "Puppet Users" group.
> >> >>> To post to this group, send email to
puppet-users@googlegroups.com.
> >> >>> To unsubscribe from this group, send email to
> >> >>> puppet-users+unsubscribe@googlegroups.com.
> >> >>> For more options, visit this group at
> >> >>>http://groups.google.com/group/puppet-users?hl=en.
>
> >> > --
> >> > You received this message because you are subscribed to the
Google
> >> Groups "Puppet Users" group.
> >> > To post to this group, send email to
puppet-users@googlegroups.com.
> >> > To unsubscribe from this group, send email to
> >> puppet-users+unsubscribe@googlegroups.com.
> >> > For more options, visit this group at
> >>http://groups.google.com/group/puppet-users?hl=en.
>
> >> --
> >> You received this message because you are subscribed to the Google
Groups
> >> "Puppet Users" group.
> >> To post to this group, send email to
puppet-users@googlegroups.com.
> >> To unsubscribe from this group, send email to
> >> puppet-users+unsubscribe@googlegroups.com.
> >> For more options, visit this group at
> >>http://groups.google.com/group/puppet-users?hl=en.
>
> > --
> > Nigel Kersten
> > Product, Puppet Labs
> > @nigelkersten
>
> --
> Nigel Kersten
> Product, Puppet Labs
> @nigelkersten
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Ubuntu/Debian, you can generate the hash using:

mkpasswd -m sha-512

I don''t know if it works on Mac, but the output of it looks like the
same as
the examples posted on this topic, so I think it should work.*
*

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/xhepExgRm0AJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Sun, Jun 12, 2011 at 10:42 AM, Alexandre Martani
<amartani@gmail.com>wrote:
> On Ubuntu/Debian, you can generate the hash using:
>
> mkpasswd -m sha-512
>
> I don''t know if it works on Mac, but the output of it looks like
the same
> as the examples posted on this topic, so I think it should work.
>
Mac OS X has a more complex password hash with required zero padding that is
rather annoying.

user { ''demo'':
  ensure   => ''present'',
  comment  => ''demo'',
  gid      => ''20'',
  home     => ''/Users/demo'',
  password =>
''000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000E2FA8B0FC9EEEE8C9C3D20C346F59145BAF0BBF2352709CF0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000'',
  shell    => ''/bin/bash'',
  uid      => ''502'',
}

Told you it was annoying :)

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Yep, I figured it out thanks to you guys. Now it''s just getting that
darn home folder to get created:) Again thanks for the replies you
guys are awesome.

On Jun 13, 9:56 am, Nigel Kersten <ni...@puppetlabs.com>
wrote:
> On Sun, Jun 12, 2011 at 10:42 AM, Alexandre Martani
<amart...@gmail.com>wrote:
>
> > On Ubuntu/Debian, you can generate the hash using:
>
> > mkpasswd -m sha-512
>
> > I don''t know if it works on Mac, but the output of it looks
like the same
> > as the examples posted on this topic, so I think it should work.
>
> Mac OS X has a more complex password hash with required zero padding that
is
> rather annoying.
>
> user { ''demo'':
>   ensure   => ''present'',
>   comment  => ''demo'',
>   gid      => ''20'',
>   home     => ''/Users/demo'',
>   password =>
>
''00000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000E2FA8B0FC9EEEE8C9C3D20C346F59145BAF0BBF2352709CF00000000
000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000'',
>   shell    => ''/bin/bash'',
>   uid      => ''502'',
>
> }
>
> Told you it was annoying :)
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

You could also use the built in sha1 function to let puppet generate the 
hashed version for you.
Like this:

user {''sysop'': 
                  #uid                   => 500, 
             #groups              => ''admin'', 
                comment        => ''Sysop'', 
                ensure            => present, 
                home              => ''/home/sysop'', 
                shell               => ''/bin/bash'', 
            managehome      => true, 
            password            =>
sha1(''plaintextpasswordhere''),
 } 

On Wednesday, June 8, 2011 9:08:36 PM UTC+2, vella1tj
wrote:
>
> Hi everyone I would like to first of all say thanks to anyone willing 
> to help me. 
>
> I was tasked with creating a Admin account using puppet to push to all 
> of our Macs that we have deployed around the Campus. 
>
> user {''sysop'': 
>                   #uid                   => 500, 
>              #groups              => ''admin'', 
>                 comment        => ''Sysop'', 
>                 ensure            => present, 
>                 home              => ''/home/sysop'', 
>                 shell               => ''/bin/bash'', 
>             managehome      => true, 
>             password            => ''Haven''t figured
out the best way to
> hash 
> a password and put it in here., 
>         } 
>
> That''s what I have so far, I don''t believe I understand
how Hash works
> completely. The way I understand it is it will have a hash in the 
> password field and it will compare it to other hashes to match what 
> the password would be. So what I was hoping to get help on (or 
> anything i''ve done wrong or you would recommend me doing
different) is
> how do i set a resource for the hash do i put it in my files directory 
> and then point it to there.... is there anything special I have to do 
> so puppet understands that it''s hash.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.