2009/8/28 Kyle Mallory <jesuswasir...@gmail.com>:
>
> The problem is, the User type (w/ manage_passwords enabled and ruby-
> shadow installed) will only set the password in /etc/shadow, but it
> doesn't manage any of the other shadow parameters, namely the
> sp_lstchg parameter.  As a result, after our 90-day period, all of
> our passwords have updated, but the individual machines still think
> that the passwords have expired, and refuse to let us log in.

It doesn't manage this because the type doesn't have any support for
an "expire" attribute.

> This seems a bug in the User type, in that if the password changes
> from the previous password, it should also reset the last-changed
> field as well.  Ideally, if the User type is supporting passwords, it
> would be nice if there were properties to also specify the other
> shadow parameters, such as min, max, warn, expire, etc.

Not a bug as such - the lack of a feature to do this.  There is a
ticket for the feature at:

http://projects.reductivelabs.com/issues/2224

I had a play with it a while ago but got distracted and did other things.

> I looked into the puppet provider code for User, but I couldn't make
> sense of how to fix.  Could someone point me to the right place so I
> can try and change this behavior (or maybe someone from Reductive Labs
> can fix it in an immediately upcoming update)?

You need to add support in the type (see
http://github.com/reductivelabs/puppet/blob/b728b931e5914cfeaf3d072fb77870e9a8ecf6cd/lib/puppet/type/user.rb)
for an "expire" attribute and possibly add a feature (see the user.rb
type code) for password expiration support that can be enabled in user
providers that support this functionality.

You then need to enable appropriate support in each provider, if that
platform allows password expiration support.

Regards

James Turnbull

-- 
Author of:
* Pro Linux Systems Administration (http://tinyurl.com/linuxadmin)
* Pulling Strings with Puppet (http://tinyurl.com/pupbook)
* Pro Nagios 2.0 (http://tinyurl.com/pronagios)
* Hardening Linux (http://tinyurl.com/hardeninglinux)
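
The aging behaviour discussed in this thread, as an added Ruby example (not code from the message or from Puppet): it parses shadow(5) lines, reports accounts whose last-change field plus maximum age has passed, and shows that replacing only the hash leaves the account expired until the last-change field is also reset. The sample entries, the date, and all helper names are constructed for illustration.

```ruby
require 'date'

# Fields of a shadow(5) line; numeric fields are nil when empty.
ShadowEntry = Struct.new(:name, :pw_hash, :lstchg, :min, :max, :warn, :inact, :expire)

def parse_shadow_line(line)
  f = line.chomp.split(':', -1)            # -1 keeps trailing empty fields
  raise ArgumentError, "malformed shadow line: #{line.inspect}" if f.size < 8
  nums = f[2, 6].map { |v| v.empty? ? nil : Integer(v, 10) }
  ShadowEntry.new(f[0], f[1], *nums)
end

# shadow(5) dates are counted in days since 1970-01-01.
def days_since_epoch(date)
  (date - Date.new(1970, 1, 1)).to_i
end

def aging_status(entry, today)
  return :aging_disabled if entry.lstchg.nil?   # empty last-change field
  return :must_change if entry.lstchg.zero?     # 0 forces a change at next login
  return :no_maximum if entry.max.nil? || entry.max.negative?
  today >= entry.lstchg + entry.max ? :password_expired : :ok
end

# Models only the hash being rewritten (what the thread describes).
def with_hash_only(entry, new_hash)
  e = entry.dup
  e.pw_hash = new_hash
  e
end

# Models the requested behaviour: new hash AND last-change reset to today.
def with_password_change(entry, new_hash, today)
  e = with_hash_only(entry, new_hash)
  e.lstchg = today
  e
end

def expired_accounts(lines, today)
  lines.map { |l| parse_shadow_line(l) }
       .select { |e| aging_status(e, today) == :password_expired }
       .map(&:name)
end

TODAY = days_since_epoch(Date.new(2009, 8, 28))
SAMPLE = [                                  # constructed entries, not real hashes
  'alice:$6$constructed$aaaa:14380:0:90:7:::',
  'bob:$6$constructed$bbbb:14480:0:90:7:::',
  'carol:$6$constructed$cccc:0:0:90:7:::',
  'dave:$6$constructed$dddd::0:90:7:::'
].freeze
```

On a live host the same check would read `/etc/shadow` as root instead of `SAMPLE`.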
