On 2/10/16 8:38 AM, Warron French wrote:
> Hello, I was hoping someone could help with answering this question, for
> the following scenario.
> 
> On our network we have some OLD (I mean 1/06, up to 1/09) Solaris 10
> SPARC servers and workstations along with newer Solaris 10 SPARC servers
> (running even the latest revisions, like 1/13); and we have CentOS
> servers and workstations.
> 
> The password hashing algorithm is different between the OLD Solaris 10
> SPARC servers and workstations versus the newer *recently
> rebuilt* Solaris 10 1/13 SPARC servers and workstations; the *older ones*
> run with *MD5* for password hashing, we don't want that.  Even some of
> the Solaris 10 machines that are running the newer Solaris 10 1/13 (built a
> couple of years ago) might be running with the MD5 hashing algorithm.
> *All* of our CentOS systems though, thank goodness, are running with
> the sha-512 (yay!).
> 
> 
> Anyway, we have a potential project to use puppet to populate/generate
> *LOCAL* (not AD/LDAP) accounts across all of our systems and want our
> passwords for each of the accounts added to be the same; but of course,
> if the /password/ attribute given to the *user* resource in the puppet
> code is of an incorrect hash-type, then that account will not work properly.
> 
> That is why I am asking for help, to achieve this particular goal.
> 
> Thank you in advance,
> Warron 
> 

Hi Warron,

Supporting many OS's, I often hit this problem and solve it through
Hiera. There you can specify different password hashes based on a
mixture of facts such as osfamily and operatingsystemmajrelease.

While the hashes are not plain text, they can still easily be cracked.
Suggest taking a look at hiera-eyaml[1] to encrypt them.

[1] - https://github.com/TomPoulton/hiera-eyaml

Best regards,
-g

-- 
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
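
An added example, not part of the messages above: a Ruby check that classifies crypt(3)-style hashes by their scheme prefix, so per-OS Hiera password data can be audited for MD5 or mismatched hash types before it reaches a host. The hierarchy level names, the SHA-512 policy default, and the sample hash strings are constructed for illustration.

```ruby
# Added example; all names and sample data here are constructed,
# not taken from the thread or from any Puppet/Hiera API.

# Identify the crypt(3) scheme of a password hash from its prefix.
def scheme_of(hash)
  case hash.to_s
  when /\A\$6\$/                    then :sha512_crypt
  when /\A\$5\$/                    then :sha256_crypt
  when /\A\$2[abxy]?\$/             then :bcrypt
  when /\A\$1\$/                    then :md5_crypt   # BSD/Linux MD5
  when /\A\$md5[$,]/                then :sun_md5     # Sun MD5, optional rounds
  when /\A[.\/0-9A-Za-z]{13}\z/     then :des_crypt   # traditional 13-char DES
  else :unknown                     # empty, locked, or unrecognised
  end
end

# Return [level, scheme] for every entry whose scheme is not the required one.
# passwords_by_level maps a (hypothetical) Hiera hierarchy level to the hash
# stored there for one account.
def audit(passwords_by_level, required = :sha512_crypt)
  passwords_by_level.each_with_object([]) do |(level, hash), findings|
    scheme = scheme_of(hash)
    findings << [level, scheme] unless scheme == required
  end
end

# Constructed sample: salts and digests are filler, not real hashes.
SAMPLE = {
  'osfamily/RedHat'  => '$6$constructedsalt$' + 'A' * 86,
  'osfamily/Solaris' => '$1$constrct$' + 'B' * 22,
  'common'           => '$md5,rounds=904$constrct$' + 'C' * 22
}.freeze

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLE).each do |level, scheme|
    puts "#{level}: found #{scheme}, expected sha512_crypt"
  end
end
```

Run against the decrypted values for each hierarchy level, it reports which levels still carry an MD5-family or unrecognised hash.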
