Close

Puppet – Setting user password

When you use the user resource, you’ll notice that it contains a password attribute. This can only be used to enter an encrypted password, aka a hashed password. For security reasons, you cannot use a plain text password.

Announcement

I have released my new course on Udemy, Kubernetes By Example. Sign up now to get free lifetime access!

Also for some reason, you can’t use the passwd command to create hash value and retrieve that value from teh /etc/shadow file either. However Puppet passes the password supplied in the user type definition into the /etc/shadow file.

You have to use the openssl command to generate the hash:

 
#openssl passwd -1  
#Enter your password here 
Password: 
Verifying - Password: 
 $1$HTumvYUGYUGwsxQxCp3F/nGc4DCYM

You then insert this password into your resource:

user { 'TestUser': 
  ensure   => present,
  password => '$1$HTumvYUGYUGwsxQxCp3F/nGc4DCYM',
}