Hi John,
On Fri, Jan 13, 2012 at 9:22 AM, john eckhardt <johnefu...@gmail.com> wrote:
> Anyone have experience or tips around hashed password to configure
> windows users?
>
> class win-users {
> user { 'testuser': ensure => 'present', groups =>
> ['Administrators', 'Users'], password =>
> 'cc27822e173cfef6c584c84aa7581941' }
> }
>
Setting the password using an LM or NT hash is not supported frankly
because AFAIK Windows doesn't expose APIs for setting the password in this
format (excluding tools like chntpw). Part of the issue is that knowing the
hash is equivalent to knowing your password[1].
One way of dealing with this would be to encrypt the cleartext password
with the agent's public key, add it to the manifest, and then have the
windows user provider on the agent decrypt with its private key, then call
ADSI SetPassword. With that said, it's not something that is supported
today.
Josh
[1] http://oss.coresecurity.com/pshtoolkit/doc/index.html
--
Josh Cooper
Developer, Puppet Labs
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
