Puppet: System Administration Automated

Ticket #1186 (closed defect: invalid)

Opened 4 months ago

Last modified 4 months ago

if not using shadowed passwords then password will be set on every run

Reported by: micah
Assigned to: community
Priority: normal
Milestone:
Component: library
Version: 0.24.4
Severity: normal
Keywords: password shadow User
Cc:
Triage Stage: Unreviewed
Attached Patches: None
Complexity: Unknown

Description

I have a node that sets the password for users on every run, and thus I see this:

Apr 10 08:48:35 secondary puppetd[17418]: (//Node[secondary]/Account[jessie]/User[jessie]/password) defined 'password' as '$1$xxxxxxxxxxxxxxxxxxxxxxxx'
Apr 10 08:48:35 secondary usermod[18097]: change user `jessie' password

(password was replaced by xxxxxxxx)

I've got a component set up to manage users; it looks like this:

define account ( $homeroot="/home", $shell="/bin/bash", $uid, $gid, $ingroups = [ "adm", "users", "dialout" ], $password, $fullname=$name, $ensure=present )
{

  group { $name:
    name => $name,
    gid => $gid,
    ensure => present,
    allowdupe => false
  }

  user { $name:
    uid => $uid,
    gid => $name,
    comment => $name,
    home => "${homeroot}/$name",
    shell => $shell,
    ensure => $ensure,
    groups => $ingroups,
    password => $password,
    allowdupe => false,
    require => Group[$name]
  }

  file { "${homeroot}/$name":
    ensure => directory,
    owner => $name, group => $name, mode => 750,
    require => User[$name]
  }
}

Then I am doing the following:

account {
        "jessie": uid => 1005, gid => 1011, password => '$1$xxxxxxxxxxxxxxxxxxxxxxxx';
      }

This behavior is only witnessed on those machines that do not have shadowed passwords enabled. This is an optional setting in Debian, and can be changed by running:

# dpkg-reconfigure passwd

and then answering yes/no to the question about enabling shadowed passwords.

I want shadowed passwords enabled, so the fact that this happened made me find out that they were not enabled on these machines; I've changed them, and now I don't get the password being set on every run as before. However, it seems possible that others may want shadow passwords disabled and may run into this problem, so I figured it was best to report it for those wondering what is going on.

Change History

04/10/08 22:33:39 changed by luke

  • status changed from new to closed.
  • resolution set to invalid.

This has to be a problem with the Etc library (and thus the posix libs) producing inconsistent results when shadowing isn't enabled. That means it's not something I can fix without a redesign (i.e., parsing /etc/shadow directly myself).

Thanks for pointing this out, though; at least it's recorded.
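
The following is an added example, not part of the ticket and not Puppet's code: a small Ruby audit that reads passwd(5)-format text and reports which accounts keep their hash in /etc/passwd itself, which is the unshadowed state the reporter found on the affected nodes. The function names and the sample data are hypothetical, and the hash strings are placeholders.

```ruby
# Added example: find accounts whose password hash is stored in /etc/passwd
# (shadowing disabled). Function names are hypothetical, not Puppet APIs.

# Constructed sample input; the hash string is a placeholder, not a real hash.
SAMPLE_PASSWD = <<~'PASSWD'
  root:x:0:0:root:/root:/bin/bash
  jessie:$1$xxxxxxxx$xxxxxxxxxxxxxxxxxxxxxx:1005:1011:jessie:/home/jessie:/bin/bash
  backup:*:34:34:backup:/var/backups:/bin/sh
  guest::1010:1010:guest:/home/guest:/bin/bash
  broken-line-without-fields
PASSWD

# Classify the second (password) field of a passwd entry.
def classify_password_field(field)
  case field
  when 'x'      then :shadowed        # hash lives in /etc/shadow
  when ''       then :empty           # no password required at all
  when /\A[*!]/ then :locked          # cannot match any hash
  else               :hash_in_passwd  # hash sits in a world-readable file
  end
end

# Return a hash of classification => account names (or raw malformed lines).
def audit_passwd(text)
  findings = Hash.new { |h, k| h[k] = [] }
  text.each_line do |line|
    line = line.chomp
    next if line.empty? || line.start_with?('#')
    fields = line.split(':', -1) # -1 keeps trailing empty fields
    if fields.length != 7
      findings[:malformed] << line
      next
    end
    findings[classify_password_field(fields[1])] << fields[0]
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  path = ARGV[0]
  source = path && File.file?(path) ? File.read(path) : SAMPLE_PASSWD
  audit_passwd(source).each { |kind, names| puts "#{kind}: #{names.join(', ')}" }
end
```

Pass a path such as /etc/passwd as the first argument to audit a real host; with no argument the script runs on the constructed sample.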