On Tue, Jan 7, 2014 at 7:47 AM, Adam Morris <[email protected]> wrote:
> > > On Monday, January 6, 2014 4:33:57 PM UTC-8, Romeo Theriault wrote: >> >> Not sure I'm going to answer your question but I'd recommend that you use >> the highest level of password encryption your version of unix supports. On >> modern Linux boxes this is SHA512. I'm not sure about AIX. I don't >> *believe* openssl passwd allows you to generate SHA512 encrypted passwords. >> I use the python library passlib [1] for this. Easy enough to do: >> > > Thanks Romeo, AIX can handle SMD5, SHA-256 and SHA-512... (plus blowfish > on the server I checked). so I could say that we should use SHA-512 going > forward. That still leaves me with the question as to how I handle them... > Do I store an AIX password and a Linux password for every user, do I munge > the passwords when I use them, or do I add a potentially ugly hack to > Ansible that would take care of the issue? > > I'm leaning towards the second option myself... It's not entirely clean, > but it does seem like a reasonable way to go. > If like you suggested AIX passwords just have something prepended to them I'd just store one SHA512 password and interpolate the needed prefix on the AIX boxes. -- Romeo -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
