Managing a user password for linux in puppet
Problem description
I need to create a test user with a password using puppet.
I've read that puppet cannot manage user passwords in a generic cross-platform way, which is a pity. I am doing this for Red Hat Enterprise Linux Server release 6.3.
I am doing it as follows:

    user { 'test_user':
      ensure   => present,
      password => sha1('hello'),
    }
puppet updates the password of the user, but Linux says login/pwd incorrect when I try to log in.
It works (I can log in) if I set the password manually in Linux with sudo passwd test_user, and then look at /etc/shadow and hardcode that value in puppet. Something like:

    user { 'test_user':
      ensure   => present,
      password => '$1$zi13KdCr$zJvdWm5h552P8b34AjxO11',
    }
I've also tried adding $1$ in front of the sha1('hello'), but it does not work either (note, $1$ stands for sha1).
How to modify the first example to make it work (using the plaintext password in the puppet file)?
P.S.: I am aware that I should use LDAP, or sshkeys, or something else, instead of hardcoding the user passwords in the puppet file. However, I am doing this only for running a puppet vagrant test, so it is ok to hardcode the user password.
Recommended answer
I had success (gist) with ruby's String#crypt method from within a Puppet parser function.
AFAICS it's using the crypt libc functions (see: info crypt), and takes the same arguments $n$[rounds=<m>$]salt, where n is the hashing function ($6 for SHA-512) and m is the number of key strengthening rounds (5000 by default).
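
The approach in this answer, sketched as plain Ruby (an added example, not the gist the answer links to): it builds a $6$ SHA-512 crypt string with String#crypt and checks whether a value is in the format /etc/shadow expects, which the output of sha1('hello') is not. The helper names crypt_fields, shadow_hash and shadow_match? are made up for this example, and it assumes a libc whose crypt supports $6$ (glibc on Linux does).

```ruby
require 'securerandom'
require 'digest/sha1'

# Modular crypt format as stored in /etc/shadow: $id$[rounds=N$]salt$hash
CRYPT_RE = /\A\$(\w+)\$(?:rounds=(\d+)\$)?([.\/A-Za-z0-9]{1,16})\$([.\/A-Za-z0-9]+)\z/

# Split a shadow password field into its parts. Returns nil when the string
# is not in crypt format, in which case no login attempt can ever match it.
def crypt_fields(field)
  m = CRYPT_RE.match(field)
  m && { id: m[1], rounds: m[2]&.to_i, salt: m[3], hash: m[4] }
end

# Hash a plaintext password with SHA-512 crypt via String#crypt.
# A random 16-character salt is used unless the caller passes one; a fixed
# salt gives the same hash on every run, so the resource does not change.
def shadow_hash(password, salt: SecureRandom.alphanumeric(16), rounds: nil)
  prefix = rounds ? "rounds=#{rounds}$" : ''
  password.crypt('$6$' + prefix + salt)
end

# Re-hash the candidate using the settings (id, rounds, salt) embedded in the
# stored field and compare the result with the stored field.
def shadow_match?(password, field)
  !crypt_fields(field).nil? && password.crypt(field) == field
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input: the plaintext from the question.
  hashed = shadow_hash('hello')
  puts "password => '#{hashed}',"
  puts "verifies: #{shadow_match?('hello', hashed)}"

  # A bare SHA-1 hex digest has no $id$salt$ prefix, so it is not crypt format.
  bare = Digest::SHA1.hexdigest('hello')
  puts "sha1 hex parses as crypt: #{!crypt_fields(bare).nil?}"
end
```
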