Managing a user password for linux in puppet
I need to create a test user with a password using puppet.
I've read that puppet cannot manage user passwords in a generic cross-platform way, which is a pity. I am doing this for Red Hat Enterprise Linux Server release 6.3.
I do as follows:
user { 'test_user':
ensure => present,
password => sha1('hello'),
}
puppet updates the password of the user, but Linux says login/pwd incorrect when I try to log in.
It works (I can login) if I set the password manually in Linux with sudo passwd test_user, and then look at /etc/shadow and hardcode that value in puppet. something like:
user { 'test_user':
ensure => present,
password => '$1$zi13KdCr$zJvdWm5h552P8b34AjxO11',
}
I've tried also by adding $1$ in front of the sha1('hello'),
but it does not work either (note, $1$ stands for sha1).
How to modify the first example to make it work (using the plaintext password in the puppet file)?
P.S.: I am aware that I should use LDAP, or sshkeys, or something else, instead of hardcoding the user passwords in the puppet file. however, I am doing this only for running a puppet vagrant test, so it is ok to hardcode the user password.
Answer
Linux users have their passwords stored as hash in /etc/shadow file. Puppet passes the password supplied in the user type definition in the /etc/shadow file.
Generate your hash password using openssl command:
#openssl passwd -1
#Enter your password here
Password:
Verifying - Password:
$1$HTQUGYUGYUGwsxQxCp3F/nGc4DCYM
The previous example generate this hash: $1$HTQUGYUGYUGwsxQxCp3F/nGc4DCYM/
Add this hash password to your class as shown (do not forget the quotes)
user { 'test_user':
ensure => present,
password => '$1$HTQUGYUGYUGwsxQxCp3F/nGc4DCYM/',
}