Gus F. wrote: > I am using puppet (version 0.25.5-1.e15 for redhat) for password > management for non-system users. This morning, users on some of my > puppet clients had their encrypted password strings in /etc/shadow > replaced with the following string: > > YAML::syck::BadAlias
Eeeww. That's no damn good.
> That has effectively broken the users' ability to login to those
> servers. Puppet will not overwrite that string with the correct
> encrypted string, and I can't even change the password manually
> using 'passwd', because I get an 'Authentication token manipulation
> error'. The only way I can fix this is by manually editing
> /etc/shadow, replaced that YAML string with something valid (I've
> been using an '*'), and then changing the password manually or
> letting puppet overwrite it with the correct password.
>
> What could have caused this?
If you run puppet again, does it attempt to change the entries back?
You could run it with --noop to test quickly without risking a change.
Though depending on the cause, it might not show up unless you run it
without --noop. If no one else chimes in with better ideas, you might
want to run "puppetd --test --trace --debug" (after backing up
/etc/shadow). Maybe that would help determine the source of the
problem.
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I do not believe in the collective wisdom of individual ignorance.
-- Thomas Carlyle
pgpzPF7lB7Cfk.pgp
Description: PGP signature
