On Tue, Jan 7, 2014 at 7:47 AM, Adam Morris <zwack...@gmail.com> wrote:
> > > On Monday, January 6, 2014 4:33:57 PM UTC-8, Romeo Theriault wrote: >> >> Not sure I'm going to answer your question but I'd recommend that you use >> the highest level of password encryption your version of unix supports. On >> modern Linux boxes this is SHA512. I'm not sure about AIX. I don't >> *believe* openssl passwd allows you to generate SHA512 encrypted passwords. >> I use the python library passlib [1] for this. Easy enough to do: >> > > Thanks Romeo, AIX can handle SMD5, SHA-256 and SHA-512... (plus blowfish > on the server I checked). so I could say that we should use SHA-512 going > forward. That still leaves me with the question as to how I handle them... > Do I store an AIX password and a Linux password for every user, do I munge > the passwords when I use them, or do I add a potentially ugly hack to > Ansible that would take care of the issue? > > I'm leaning towards the second option myself... It's not entirely clean, > but it does seem like a reasonable way to go. > If like you suggested AIX passwords just have something prepended to them I'd just store one SHA512 password and interpolate the needed prefix on the AIX boxes. -- Romeo -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
