Close

Puppet – Setting user password

When you use the user resource, you’ll notice that it contains a password attribute. This can only be used to enter an encrypted password, aka a hashed password. For security reasons, you cannot use a plain text password.

Announcement

You can find all my latest posts on medium.

Also for some reason, you can’t use the passwd command to create hash value and retrieve that value from teh /etc/shadow file either. However Puppet passes the password supplied in the user type definition into the /etc/shadow file.

You have to use the openssl command to generate the hash:

 
#openssl passwd -1  
#Enter your password here 
Password: 
Verifying - Password: 
 $1$HTumvYUGYUGwsxQxCp3F/nGc4DCYM

You then insert this password into your resource:

user { 'TestUser': 
  ensure   => present,
  password => '$1$HTumvYUGYUGwsxQxCp3F/nGc4DCYM',
}