From f349f00244091e475695640b193b1d76abdb52c0 Mon Sep 17 00:00:00 2001
From: mh <mh@immerda.ch>
Date: Sat, 8 Nov 2008 21:56:52 +0000
Subject: we can only manage crypted passwords -> added a python script to
 generate these passwords

---
 manifests/defines.pp       |  9 ++++-----
 password/openbsd/genpwd.py | 12 ++++++++++++
 2 files changed, 16 insertions(+), 5 deletions(-)
 create mode 100755 password/openbsd/genpwd.py

diff --git a/manifests/defines.pp b/manifests/defines.pp
index 2168459..7113474 100644
--- a/manifests/defines.pp
+++ b/manifests/defines.pp
@@ -6,11 +6,10 @@
 #                   which should be set. Default: absent -> no password is set.
 #                   To create an encrypted password, you can use:
 #                   /usr/bin/mkpasswd -H md5 -S $salt $password
-#                   Note: On OpenBSD systems we can only manage plain text passwords.
+#                   Note: On OpenBSD systems we can only manage crypted passwords.
 #                         Therefor the password_crypted option doesn't have any effect.
-#                         As well we can only set the password if a user doesn't yet have 
-#                         set a password. So if the user will change it, the plain password
-#                         will be useless.
+#                         You'll find a python script in ${module}/password/openbsd/genpwd.py
+#                         Which will help you to create such a password
 # password_crypted: if the supplied password is crypted or not. 
 #                   Default: true
 #                   Note: If you'd like to use unencrypted passwords, you have to set a variable
@@ -135,7 +134,7 @@ define user::define_user(
             case $operatingsystem {
                 openbsd: { 
                     exec { "setpass ${name}":
-                        onlyif => "grep -q '^${name}:\\**:' /etc/master.passwd",
+                        unless => "grep -q '^${name}:${password}:' /etc/master.passwd",
                         command => "usermod -p '${password}' ${name}",
                         require => User["${name}"],
                     }   
diff --git a/password/openbsd/genpwd.py b/password/openbsd/genpwd.py
new file mode 100755
index 0000000..a64de57
--- /dev/null
+++ b/password/openbsd/genpwd.py
@@ -0,0 +1,12 @@
+#!/usr/bin/env python 
+import sys
+# you nee to install the bcrypt python library to use that script
+# debian, ubuntu: sudo apt-get install python-bcrypt
+import bcrypt
+
+if len(sys.argv) != 2:
+    print sys.argv[0]+" password"
+    sys.exit(1)
+
+# Hash a password for the first time
+print bcrypt.hashpw(sys.argv[1], bcrypt.gensalt())
-- 
cgit v1.2.3