Probably not. In theory, this would actually update the date every time the 'user' type successfully runs.
I ended up hacking together my own function that would do what I wanted it to do. Hoping to roll it back into the main user type someday.... Trevor On Thu, Aug 27, 2009 at 21:24, Len Rugen<lenru...@gmail.com> wrote: > Just thinking.... could the password change use notify of a "usermod -e > new-yyyy-dd-mm" command? > > On Thu, Aug 27, 2009 at 2:05 PM, Kyle Mallory <jesuswasir...@gmail.com> > wrote: >> >> We have a policy that requires all user passwords to expire after 90 >> days. We also use puppet for managing all users on our machines. Our >> hope was, when our passwords expire, we could update the puppet >> manifest which would propogate to all our servers, thus updating all >> our passwords. >> >> The problem is, the User type (w/ manage_passwords enabled and ruby- >> shadow installed) will only set the password in /etc/shadow, but it >> doesn't manage any of the other shadow parameters, namely the >> sp_lstchg parameter). As a result, after our 90-day period, all of >> our passwords have updated, but the individual machines still think >> that the passwords have expired, and refuses to let us log in. >> >> This seems a bug in the User type, in that if the password changes >> from the previous password, it should also reset the last-changed >> field as well. Ideally, if the User type is supporting passwords, it >> would be nice if there were properties to also specify the other >> shadow parameters, such as min, max, warn, expire, etc. >> >> I looked into the puppet provider code for User, but I couldn't make >> sense of how to fix. Could someone point me to the right place so I >> can try and change this behavior (or maybe someone from Reductive Labs >> can fix it in an immediately upcoming update)? >> >> Thanks, >> >> >> > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
