Puppet users - Feb 2014 - Workaround for user password hash

Hi,
I suppose it will be useful if I share a workaround I just found for a 
problem I encountered.

I needed a "user" puppet resource to add a user and set its password,
on
CentOS 6.4.
The manifest was applied with no errors, but the password was not set 
correctly.

I tried:

  password => sha1("password")

and some hash was set for the user password, but it was not the right one, 
I could not log in.

I then tried directly setting the hash I got from "openssl passwd -1 
password":

  password => "$1$RCxCmL.x$MRHrLKqYpha19ERGC/5FQ/"

but only part of the hash ended up in /etc/shadow, e.g. in this case 
".x/5FQ/".

By searching on Google I found reports of very similar problems, but the 
output and fixes were different, mostly regarding a required ruby library 
(ruby-libshadow) which AFAICT I already had installed.

I eventually spotted the problem was with "$" signs, so I tried
escaping
them:

  password => "\$1\$RCxCmL.x\$MRHrLKqYpha19ERGC/5FQ/"

and it finally works!

Thinking about it, it appears logical: strings enclosed in double quotes 
allow for variable interpolation, so anything following a $ up to another 
special char like a dot or a slash was expected to be a variable, but its 
value was empty.

HTH someone else when googling.
Marco

PS: what's the problem with sha1()? I don't care about the password
being
in clear text in the manifest, BTW.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/36b541d6-7ff1-4f31-9b28-52ad38941929%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.