Re: [Puppet Users] Creating user with random password (only once)

Wed, 08 Feb 2012 12:01:09 -0800 

In one user management setup, I use htpasswd to create a random password just 
to secure the account.
Like this:

htpasswd -nmb whoever `mkpasswd`  | cut -d: -f2 | passwd --stdin <username>

Then, with over-the-shoulder admin access, the user can set their own password.

“Sometimes I think the surest sign that intelligent life exists elsewhere in 
the universe is that none of it has tried to contact us.”
Bill Waterson (Calvin & Hobbes)

----- wernerbahlke <werner.bah...@gmail.com> wrote:
> Hi,
> 
> I want to create a user with a random password. Is there a way to only
> execute the manifest once when the user does not exist but not once
> the user is created?
> 
> I know how to create a random password and can use generate to execute
> this function (or make it a custom fact provided I get this fact
> executed).
> 
> So far I call an add_user method define in a users module out of my
> base class. Here is the code:
> 
>   include users
> 
>   users::add_user { 'testuser':
>     name     => 'testuser',
>     uid      => '777',
>     password => generate('/usr/local/bin/new_hash'),
>     shell    => '/bin/csh',
>     groups   => 'testuser',
>   }
> 
> But alas this will get executed every time the client runs since the
> password will have changed due to the new generate call.
> 
> One work-around I could think of is to create the user on the client
> (FreeBSD) using an exec calling the makepassword and pw command.
> 
> Then I could check for existance of the user in the masterpasswd file
> with an unless check.
> 
> But I much prefer do this with Puppet natively.
> 
> Any suggestions will be greatly appreciated.
> 
> Werner
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
> 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Reply via email to