On Aug 31, 4:11 pm, James Turnbull <ja...@lovedthanlost.net> wrote:
> 2009/8/28 Kyle Mallory <jesuswasir...@gmail.com>:
>
>
>
> > The problem is, the User type (w/ manage_passwords enabled and ruby-
> > shadow installed) will only set the password in /etc/shadow, but it
> > doesn't manage any of the other shadow parameters, namely the
> > sp_lstchg parameter). As a result, after our 90-day period, all of
> > our passwords have updated, but the individual machines still think
> > that the passwords have expired, and refuses to let us log in.
>
> It doesn't manage this because the type doesn't have any support for
> an "expire" attribute.
>
> > This seems a bug in the User type, in that if the password changes
> > from the previous password, it should also reset the last-changed
> > field as well. Ideally, if the User type is supporting passwords, it
> > would be nice if there were properties to also specify the other
> > shadow parameters, such as min, max, warn, expire, etc.
>
> Not a bug as such - the lack of a feature to do this. There is a
> ticket for the feature at:
>
> http://projects.reductivelabs.com/issues/2224
Maybe I'm missing something, but I don't think ticket 2224 is about
quite the same thing. Kyle isn't asking to manage an expiration date
for the account. Rather, he's asserting that when Puppet changes the
user's password, it should update the field in the shadow file that
records when the password was last changed. I agree with him, and I
don't see why any new User property should be needed to control that.
I'm not going to argue about whether this should be regarded as a
missing feature or a bug.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
