I wrote a parser func that relies on mkpasswd on the master ages ago:
http://pastie.org/pastes/222996
## mkpasswd("password", "12345678")
# needs an 8-char salt *always*
module Puppet::Parser::Functions
newfunction(:mkpasswd, :type => :rvalue) do |args|
%x{/usr/bin/mkpasswd -H MD5 #{args[0]} #{args[1]}}.chomp
end
end
## usage [plain_text]
$pw = mkpasswd("test", "12345678")
notify { $pw: }
## output [plain_text]
notice: //Node[junglist]/Notify[$1$12345678$oEitTZYQtRHfNGmsFvTBA/]/
message: is absent, should be $1$12345678$oEitTZYQtRHfNGmsFvTBA/
On Oct 4, 4:41 am, Mike Pountney <[EMAIL PROTECTED]> wrote:
> On 2 Oct 2008, at 18:01, Geoff Newell wrote:
>
> > I'm working on a turnkey Linux system where the post build config is
> > handled with puppet.
> > One of the unique constraints with a turnkey system is that
> > passwords are essentially set at build time and then stay fixed for
> > the life of the product.
> > I was wondering if anyone had used puppet to manage user passwords?
> > The 'user' type supports an encrypted hash, but ideally I need the
> > facility of passing in a plaintext password, md5 hash it and then
> > have puppet idempotently check it's been set.
>
> You can do this via shelling out via generate() on the puppetmaster:
>
> $salt = 'dqwdqaom'
> $password = 'mycleartextpassword'
>
> $md5_password = generate('/bin/sh', '-c', "/usr/bin/mkpasswd -H md5 -S
> $salt '$passwd' | tr -d '\n'")
>
> Ugly, but it works.
>
> The pretty way of doing this would be to create a custom function.
> We're intending on doing this, but it's not there yet.
>
> Cheers,
>
> Mike
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
