如何使用ansible创建用户并设置密码? [英] How do I create a user and set a password using ansible?

问题描述

文档 将我们引向 github example，但这有点稀疏和神秘.

它是这样写的:

# 创建于:# crypt.crypt('这是我的密码', '$1$SomeSalt')密码:$1$SomeSalt$UqddPX3r4kH3UL5jq5/ZI.

但是 crypt.crypt 没有发出示例所示的内容.它还使用 MD5.

我试过了:

# python导入地穴crypt.crypt('这是我的密码', '$6$somereallyniceandbigrandomsalt$')>>'$69LxCegsnIwI'

但是用户的密码字段应该是这样的:

密码:$6$somereallyniceandbigrandomsalt$UqddPX3r4kH3UL5jq5/ZI.

其中包括三个 $ 分隔符，用于分隔 6(表示它是 SHA-512 哈希)、salt 和加密密码.

请注意，python crypt docs 没有提及任何关于 $N 格式.

问题:

1. 提供给 crypt.crypt 的盐是应该以尾随的 $ 结尾还是在 $N$SALT 格式?

2. Python 文档参考了 DES，但如何调用 SHA-512 或 MD5 以及相关文档在哪里?

3. 我真的应该取 crypt.crypt 的输出并切断第一个 $6 并制作 $N$SALT$CRYPTED?这是 ansible 需要的吗?

解决方案

文档中显示的 python 示例取决于您使用的操作系统上运行的 crypt 版本.

我在 OS X 上生成了 crypt，我的目标服务器是 ubuntu.

由于操作系统提供的 crypt 实现不同，结果不同且不兼容.

改用这个:

http://pythonhosted.org/passlib/

<块引用>

Passlib 是 Python 2 & 的密码散列库.3、它提供超过 30 种密码散列算法的跨平台实现，以及管理现有密码哈希的框架.它的设计用于广泛的任务，从验证哈希在/etc/shadow 中找到，以提供完整的密码散列多用户应用.

<预><代码>>>># 导入哈希算法>>>从 passlib.hash 导入 sha512_crypt>>># 生成新的盐，并散列密码>>>hash = sha512_crypt.encrypt("密码")>>>散列

'$6$rounds=656000$BthPsosdEpqOM7Qd$l/ln9nyEfxM67ea8Bvb79JoW50pGjf6iM87taIvfSmpjasE4/wBG1.60pFS6W992T7Q1q2wikMbxYp'tMbxY

The documentation refers us to the github example, but this is a bit sparse and mysterious.

It says this:

# created with:
# crypt.crypt('This is my Password', '$1$SomeSalt')
password: $1$SomeSalt$UqddPX3r4kH3UL5jq5/ZI.

but crypt.crypt doesn't emit what the example shows. It also uses MD5.

I tried this:

# python
import crypt
crypt.crypt('This is my Password', '$6$somereallyniceandbigrandomsalt$')
>> '$69LxCegsnIwI'

but the password field of user should get something like this:

password: $6$somereallyniceandbigrandomsalt$UqddPX3r4kH3UL5jq5/ZI.

which includes three $ delimiters separating the 6 (which signifies that its a SHA-512 hash), the salt, and the crypted password.

Note that the python crypt docs don't mention anything about the $N format.

Questions:

1. Is the salt, as supplied to crypt.crypt, supposed to end with a trailing $ or is it in $N$SALT format?

2. Python docs refer to DES, but how is SHA-512 or MD5 being called and where is the documention for this?

3. Am I really supposed to take the output of crypt.crypt and cut off the first $6 and make $N$SALT$CRYPTED? Is this what ansible needs?

解决方案

The python example shown in the documentation depends on what version of crypt is running on the OS you are using.

I generated the crypt on OS X and the server I was targetting is ubuntu.

Due to differences in which implementation of crypt is offered by the OS, the result is different and incompatible.

Use this instead:

http://pythonhosted.org/passlib/

Passlib is a password hashing library for Python 2 & 3, which provides cross-platform implementations of over 30 password hashing algorithms, as well as a framework for managing existing password hashes. It’s designed to be useful for a wide range of tasks, from verifying a hash found in /etc/shadow, to providing full-strength password hashing for multi-user application.

>>> # import the hash algorithm
>>> from passlib.hash import sha512_crypt

>>> # generate new salt, and hash a password
>>> hash = sha512_crypt.encrypt("password")
>>> hash

'$6$rounds=656000$BthPsosdEpqOM7Qd$l/ln9nyEfxM67ea8Bvb79JoW50pGjf6iM87taIvfSmpjasE4/wBG1.60pFS6W992T7Q1q2wikMbxYUvMHD1tT1'

这篇关于如何使用ansible创建用户并设置密码?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！