- From: Brad Pardee <
>
- To: "
" <
>
- Subject: [chef] Re: Re: How to keep from resetting user password
- Date: Sat, 25 Sep 2010 13:45:08 -0700
- Accept-language: en-US
- Acceptlanguage: en-US
Non-technical users just using the machine for sftp uploads.
I think I solved my problem by adding a getpwnam check:
password params[:password].crypt(params[:password]) if params[:password]
&& Etc.getpwnam(params[:name]).nil?
On Sep 25, 2010, at 3:08 PM, Joshua Timberman wrote:
>
Is there a particular reason to have user passwords set?
>
>
I recommend not setting user passwords on the user definitions, only
>
allow login via ssh with keys, and set sudo up for users that need
>
root access with "NOPASSWD".
>
>
This is consistent with recommendations from security experts such as
>
SANS Institute, too :).
>
>
On Sat, Sep 25, 2010 at 12:47 PM,
>
<
>
>
wrote:
>
> I want to use chef to maintain users with a default password while
>
> allowing the
>
> user to change their password. Each time I rerun chef-client, the user's
>
> password gets reset. Is there a way I can keep it from resetting back to
>
> the
>
> default? I'm thinking about only adding the password param if the entry
>
> isn't
>
> already in /etc/passwd but it seems like there should be an easier way?
>
>
>
>
>
>
--
>
Opscode, Inc
>
Joshua Timberman, Senior Solutions Engineer
>
C: 720.878.4322 E:
>
>
Archive powered by MHonArc 2.6.16.