diff options
| author | mh <mh@immerda.ch> | 2008-11-08 21:56:52 +0000 |
|---|---|---|
| committer | mh <mh@immerda.ch> | 2008-11-08 21:56:52 +0000 |
| commit | f349f00244091e475695640b193b1d76abdb52c0 (patch) | |
| tree | 29d30fcc2f1b53c14012fc54aad9e47722f66628 | |
| parent | f23cf372baef35af2b19ac4df14c016ce283410f (diff) | |
we can only manage crypted passwords -> added a python script to generate these passwords
| -rw-r--r-- | manifests/defines.pp | 9 | ||||
| -rwxr-xr-x | password/openbsd/genpwd.py | 12 |
2 files changed, 16 insertions, 5 deletions
diff --git a/manifests/defines.pp b/manifests/defines.pp index 2168459..7113474 100644 --- a/manifests/defines.pp +++ b/manifests/defines.pp @@ -6,11 +6,10 @@ # which should be set. Default: absent -> no password is set. # To create an encrypted password, you can use: # /usr/bin/mkpasswd -H md5 -S $salt $password -# Note: On OpenBSD systems we can only manage plain text passwords. +# Note: On OpenBSD systems we can only manage crypted passwords. # Therefor the password_crypted option doesn't have any effect. -# As well we can only set the password if a user doesn't yet have -# set a password. So if the user will change it, the plain password -# will be useless. +# You'll find a python script in ${module}/password/openbsd/genpwd.py +# Which will help you to create such a password # password_crypted: if the supplied password is crypted or not. # Default: true # Note: If you'd like to use unencrypted passwords, you have to set a variable @@ -135,7 +134,7 @@ define user::define_user( case $operatingsystem { openbsd: { exec { "setpass ${name}": - onlyif => "grep -q '^${name}:\\**:' /etc/master.passwd", + unless => "grep -q '^${name}:${password}:' /etc/master.passwd", command => "usermod -p '${password}' ${name}", require => User["${name}"], } diff --git a/password/openbsd/genpwd.py b/password/openbsd/genpwd.py new file mode 100755 index 0000000..a64de57 --- /dev/null +++ b/password/openbsd/genpwd.py @@ -0,0 +1,12 @@ +#!/usr/bin/env python +import sys +# you nee to install the bcrypt python library to use that script +# debian, ubuntu: sudo apt-get install python-bcrypt +import bcrypt + +if len(sys.argv) != 2: + print sys.argv[0]+" password" + sys.exit(1) + +# Hash a password for the first time +print bcrypt.hashpw(sys.argv[1], bcrypt.gensalt()) |