[chef] Re: Re: Creating a user on a UNIX box with an encrypted hash for a password

[Jeff Byrnes < >]

Might even be able to have Ruby shell out to generate that:

user 'foo' do

  action :create

  …

  password { `openssl passwd -l 'plaintextpassword'` }

end

You would want, I think, to not actually have the plain text password right there; I’d suggest perhaps using an encrypted data bag for the actual value there.

Lastly though; why use passwords at all? Why not use SSH keys? Far simpler to manage…

-- 

Jeff Byrnes
@thejeffbyrnes

Lead DevOps Engineer

EverTrue

704.516.4628

On March 4, 2015 at 8:27:33 AM, Fabien Delpierre ( "> ) wrote:

Hello,

I've never seen this syntax so I'm not sure it's supported. It's definitely not in the docs for Chef's user resource at https://docs.chef.io/resource_user.html.

The correct method is to obtain the password's shadow hash and use that in your recipe.

$ openssl passwd -1 "plaintextpassword"

That will return something like: $1$hLPHf35Y$.6m81pCpLfHrW/py5ee1Y.

Put that in your code after password, like so:

user "foo" do

  action :create
  ...

  password "$1$hLPHf35Y$.6m81pCpLfPHW/py5ee1Y."

end

Hope this helps.

Fabien

On Wed, Mar 4, 2015 at 7:36 AM, ANGELA EBIRIM < " target="_blank"> > wrote:

Hello everyone,

I'd appreciate some assistance.

I'm trying to create a user on a UNIX box with the following code:-

 user "svc_goagent" do 

   action :create

   comment "go agent"

  uid 1234

   gid 2000

   home "home/svc_goagent"

shell "/bin/bash"

   password  "{"encrypted_data"=>"ro21vM1nle78CTBLSNyr40e2tM9VZiiSfbinDAvwZpKov3r9gokq6jStDeAH\nsyRs\n", "iv"=>"PfWTKqKoc3OxO8WxTnW7Zg==\n", "version"=>1, "cipher"=>"aes-256-cbc"}"

supports :manage_home => true

 end

My problem is when I put this into a recipe and then do a chef run, I get errors that prevent the user from being created. Can someone please tell me what is the code to pass an encrypted hash as a password for a new user?

Thanks

Angela

Sent from iCloud