On Nov 5, 9:19 am, Mark_SysAdm <timetra...@gmail.com> wrote: > What are the recommended practices for adding regular users with a > specific group and password ? I'd like to add new users to a cluster, > and also to append an existing ssh key to authorized_keys on all the > cluster nodes for some users. > > This is the best user add solution I've found so far, but it doesn't > quite do everything I want : > > http://itand.me/using-puppet-to-manage-users-passwords-and-ss > > I'm looking for a way to do something like: > > class users { > @user { "ajolie": > ensure => "present", > uid => "1001", > group => "1550", > comment => "Tomb Raider", > home => "/home/ajolie", > managehome => true, > password => "aaaaaaaaabbbbbbbbbccccccccc01010", > } > > @user { "nextuser": > ... > password => "aaaaaabbbbccccccddddd01", > } > > } > > Does Puppet handle passwords with something already built-in? If not, > is it in future plans? > Would love to have one file that has all the user info in it, > including encrypted passwords. > > Played with making a setpasswd script that used a specific encrypted > password: > ----- > #!/bin/bash > #setpass.sh: > copyfrom=existingusername > encpass=`grep $copyfrom /etc/shadow | cut -f 2 -d : ` > /usr/sbin/usermod -p "$encpass" $username > ------- > but then I have to copy that script out to all nodes first. > > Any better suggestions?
http://forge.puppetlabs.com/ghoneycutt/generic That module shows how I handle users. You define them all in one place and then realize them as needed. You can specify password hashes, but those can be brute forced, so you would want to build security around who can access your puppet code. Below is a snippet of how it works. # Sample Usage: # # create apachehup user and realize it # @mkuser { "apachehup": # uid => "32001", # gid => "32001", # home => "/home/apachehup", # managehome => "true", # comment => "Apache Restart User", # dotssh => "true", # } # @mkuser # # realize Generic::Mkuser[apachehup] -g -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
