I figured it out. Thanks for the help. It's because I wasn't doing I
password => pw_hash(*'password'*, 'SHA-512', 'mysalt'),
I was doing
Sensitive(pw_hash(*'$password'*, 'SHA-512', 'oursalt')),
And because I used single quotes, it wasn't actually getting the parameter
/ variable, but the literal $password. Remove the quotes entirely because
it's just a variable, and it works!
And this is why you can't always just copy -> paste -> edit your stuff in!.
On Friday, November 15, 2019 at 8:55:57 AM UTC-5, Bart-Jan Vrielink wrote:
>
> Hello,
>
>
> I'm still puzzled by why this is not working on your system. The following
> works for me on a Centos7 machine:
>
>
> user { 'testuser':
> ensure => 'present',
> password => pw_hash('password', 'SHA-512', 'mysalt'),
> }
>
>
> -----Original message-----
> *From:* jmp242 <[email protected] <javascript:>>
> *Sent:* Friday 15th November 2019 14:41
> *To:* Puppet Users <[email protected] <javascript:>>
> *Subject:* Re: [Puppet Users] Managing a local users password with puppet
> on EL7
>
> So, I set the password manually with passwd and got an entirely different
> hash than when I use the pw_hash function. The salt is obviously different
> as well, but the rest of /etc/shadow entry is the same. ssh user@localhost
> works with the password when I set manually with passwd, and does not work
> with pw_hash - not surprisingly.
>
> I tried lowercase sha-512, and got the same hash as with uppercase
> SHA-512. Both methods (working manual passwd, and non working pw_hash)
> start with $6$ which implies a sha-512 hash from the docs, so I think
> pw_hash is just broken for EL7. Which means the user resource is broken.
>
> I guess temporarily, I'll just set the hash as a string and generate it
> with passwd, and see if that works - but it's obviously not ideal.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected] <javascript:>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/64419ef7-6d5b-4028-8548-194ea8fae8c7%40googlegroups.com
>
> <https://groups.google.com/d/msgid/puppet-users/64419ef7-6d5b-4028-8548-194ea8fae8c7%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/609eade7-8f51-4881-a7a5-9aaeda2571c3%40googlegroups.com.
