Set default password management for users in puppet
Question
When declaring a new user creation in Puppet, how can you set the default password management type and encryption?
How can I set one user to be managed independently?
How can I set one to be managed by puppet exclusively?
Independent: Do I just place a deceleration to /etc/passwd, eg:
user{ "foo":
ensure => present,
managehome => true,
home =>"/home/foo",
password => "/etc/passwd",
uid => "001"
}
I read an example in puppetforge example
accounts::user { 'bob':
uid => 4001,
gid => 4001,
shell => '/bin/bash',
password => '!!',
}
I keep seeing password => !! But I cannot seem to find documentation for password => !! example
SSH managed: Then when it comes to managing directly with SSH Puppet, I just map it to the key? eg (from puppetforge)
accounts::user { 'jeff':
comment => 'Jeff McCune',
groups => [
'admin',
'sudonopw',
],
uid => '1112',
gid => '1112',
sshkeys => [
'ssh-rsa AAAAB3Nza...== jeff@puppetlabs.com',
'ssh-dss AAAAB3Nza...== jeff@metamachine.net',
],
}
Where I assume the above RSA AAAAB3Nza... is a generated (externally, copied) and then stored in hard-code? The user can then auth using jeff@puppetlabs.com which is mapped to the RSA?
1 answers
solution1
1 ACCPTED 2017-10-27 01:41:08
In puppet, if you don't specify the password, it won't manage the password. If you specify a password, it ensures that value is placed in /etc/shadow. That value really should be an encrypted value. The double exclamation mark is the "not a password" value, and the account is then unable to be authenticated with a password.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.