Francisco Cabrita
2012-Jun-17 20:28 UTC
[Puppet Users] Puppet 2.7.16 standalone under FreeBSD 9.0 password nightmare
Hi,
I''ve created a standalone recipe to configure my FreeBSD servers.
Everything is fine except the password I set for a specific user.
"...
$username = "admin"
$fullname = "bofh"
$password = "changeme"
class users {
@user { $username:
ensure => present,
comment => $fullname,
shell => "/usr/local/bin/bash",
home => "/home/${username}",
password => $password,
managehome => true,
groups => [ "wheel" ] }
realize User[$username]
}
..."
I''ve also tried this workaround i''ve found on interwebs but
without any
result :/
"...
exec { "fix_passwd":
command => "/bin/echo ${password} | /usr/sbin/pw usermod
${username} -h 0",
refreshonly => true }
..."
any tip on this?
thanks in advance.
Cheers,
Francisco
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/WU9GMeiPQ3cJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Christopher Wood
2012-Jun-17 21:59 UTC
Re: [Puppet Users] Puppet 2.7.16 standalone under FreeBSD 9.0 password nightmare
On Sun, Jun 17, 2012 at 01:28:53PM -0700, Francisco Cabrita wrote:> Hi, > I''ve created a standalone recipe to configure my FreeBSD servers. > Everything is fine except the password I set for a specific user. > "... > $username = "admin" > $fullname = "bofh" > $password = "changeme" > class users { > @user { $username: > ensure => present, > comment => $fullname, > shell => "/usr/local/bin/bash", > home => "/home/${username}", > password => $password,The password is actually the password hash, not the password itself: http://docs.puppetlabs.com/references/stable/type.html#user I use something like this at work to set a role account (but not using the password "password"): $mehash = $operatingsystem ? { ''FreeBSD'' => ''$1$93VW4ggC$TRfw9FupHygHkgvZqF1KK.'', ''Solaris'' => ''ScRpgNPWh3biw'', default => ''$6$Djwse/H/$a0mriVcwGZTG9TQL8cf3mdDL2W/omCO1MMKzId23slKjWl.VC6tCnwAKcNEmXdbniLhb2UgbSO7N8Jx/s67k6/'', } $meshell = $operatingsystem ? { ''CentOS'' => ''/bin/bash'', ''Debian'' => ''/bin/bash'', ''FreeBSD'' => ''/bin/sh'', ''RedHat'' => ''/bin/bash'', ''Solaris'' => ''/bin/sh'', ''Ubuntu'' => ''/bin/bash'', default => ''/bin/sh'', } group { ''me'': ensure => ''present'', gid => ''1000'' } user { ''me'': home => ''/home/me'', shell => $meshell, password => $mehash, uid => ''1000'', gid => ''1000'', comment => ''Me,,,'', managehome => true, ensure => ''present'', require => Group[''me''], }> managehome => true, > groups => [ "wheel" ] } > > realize User[$username] > } > ..." > I''ve also tried this workaround i''ve found on interwebs but without any > result :/ > > "... > exec { "fix_passwd": > command => "/bin/echo ${password} | /usr/sbin/pw usermod > ${username} -h 0", > refreshonly => true } > ..." > any tip on this? > thanks in advance. > Cheers, > Francisco > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To view this discussion on the web visit > [1]https://groups.google.com/d/msg/puppet-users/-/WU9GMeiPQ3cJ. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > References > > Visible links > 1. https://groups.google.com/d/msg/puppet-users/-/WU9GMeiPQ3cJ-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Francisco Cabrita
2012-Jun-17 22:39 UTC
Re: [Puppet Users] Puppet 2.7.16 standalone under FreeBSD 9.0 password nightmare
On Sun, Jun 17, 2012 at 10:59 PM, Christopher Wood <christopher_wood@pobox.com> wrote:> On Sun, Jun 17, 2012 at 01:28:53PM -0700, Francisco Cabrita wrote: >> Hi, >> I''ve created a standalone recipe to configure my FreeBSD servers. >> Everything is fine except the password I set for a specific user. >> "... >> $username = "admin" >> $fullname = "bofh" >> $password = "changeme" >> class users { >> @user { $username: >> ensure => present, >> comment => $fullname, >> shell => "/usr/local/bin/bash", >> home => "/home/${username}", >> password => $password, > > The password is actually the password hash, not the password itself: > > http://docs.puppetlabs.com/references/stable/type.html#user > > I use something like this at work to set a role account (but not using the password "password"): > > $mehash = $operatingsystem ? { > ''FreeBSD'' => ''$1$93VW4ggC$TRfw9FupHygHkgvZqF1KK.'', > ''Solaris'' => ''ScRpgNPWh3biw'', > default => ''$6$Djwse/H/$a0mriVcwGZTG9TQL8cf3mdDL2W/omCO1MMKzId23slKjWl.VC6tCnwAKcNEmXdbniLhb2UgbSO7N8Jx/s67k6/'', > } > $meshell = $operatingsystem ? { > ''CentOS'' => ''/bin/bash'', > ''Debian'' => ''/bin/bash'', > ''FreeBSD'' => ''/bin/sh'', > ''RedHat'' => ''/bin/bash'', > ''Solaris'' => ''/bin/sh'', > ''Ubuntu'' => ''/bin/bash'', > default => ''/bin/sh'', > } > group { ''me'': > ensure => ''present'', > gid => ''1000'' > } > user { ''me'': > home => ''/home/me'', > shell => $meshell, > password => $mehash, > uid => ''1000'', > gid => ''1000'', > comment => ''Me,,,'', > managehome => true, > ensure => ''present'', > require => Group[''me''], > }autch... didn''t pay attention to this... :/ "manages_passwords: The provider can modify user passwords, by accepting a password hash." thanks for your help Cheers, Francisco> > >> managehome => true, >> groups => [ "wheel" ] } >> >> realize User[$username] >> } >> ..." >> I''ve also tried this workaround i''ve found on interwebs but without any >> result :/ >> >> "... >> exec { "fix_passwd": >> command => "/bin/echo ${password} | /usr/sbin/pw usermod >> ${username} -h 0", >> refreshonly => true } >> ..." >> any tip on this? >> thanks in advance. >> Cheers, >> Francisco >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To view this discussion on the web visit >> [1]https://groups.google.com/d/msg/puppet-users/-/WU9GMeiPQ3cJ. >> To post to this group, send email to puppet-users@googlegroups.com. >> To unsubscribe from this group, send email to >> puppet-users+unsubscribe@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> >> References >> >> Visible links >> 1. https://groups.google.com/d/msg/puppet-users/-/WU9GMeiPQ3cJ > > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. >-- Change is the essential process of all existence. -- Spock, "Let That Be Your Last Battlefield", stardate 5730.2 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.