Re: [ansible-project] Setting user password via ansible module user didn't work as expected

Fri, 24 Jun 2016 08:41:54 -0700 

On 24. juni 2016 09:43, Jörg Kastning wrote:

This is a short version from the complete string. I try to set the password
with the following command:
ansible localhost -m user -a "name=johnd
password='$6$rounds=100000$nu.kkTNOWqlbz.6T$JtYE/77zl9p...' state=present"

But when I lookup the has in /etc/shadow it looks like:

grep 'johnd' /etc/shadow

johnd:=100000$nu.kkTNOWqlbz.6T$JtYE/77zl9p:16976:0:99999:7:::
This is because shell expansion, the shell expand $6 and $rounds since it sees them as variables. 

Swap your quotes and it should work.
ansible localhost -m user -a 'name=johnd password="$6$rounds=100000$nu.kkTNOWqlbz.6T$JtYE/77zl9p..." state=present' 



And just now I figured out, that the python command generates a different
has every time for the same password:
root@hostname>python -c "from passlib.hash import sha512_crypt; import
getpass; print sha512_crypt.encrypt(getpass.getpass())"
Password:
$6$rounds=100000$GQDbqHk4Y1bcLF8t$PjC0r5o.B75.
buNFvcOhSp2SdB4zRTfVlbrQ2u7aN5W9L5h1UqOaGMHAYtR.QvmcmUF2vLGSfAR30fYwcvvzJ.
[2016.06.24 09:35:18] ~
root@hostname>python -c "from passlib.hash import sha512_crypt; import
getpass; print sha512_crypt.encrypt(getpass.getpass())"
Password:
$6$rounds=100000$t57obQLCBDhu.0Hx$ffsDGXXLuAjCnl5Mv7wLoZuzcJqkw.wJ0NQn1/
K9bP9hu4dH4gZmZQ0GXb.7lsBSmAOSeo26IJqNlGq90MALP0
[2016.06.24 09:35:27] ~
root@hostname>python -c "from passlib.hash import sha512_crypt; import
getpass; print sha512_crypt.encrypt(getpass.getpass())"
Password:
$6$rounds=100000
$yLMPFyCM2ZmftBaX$QP3uBV7WHUjrD2G0xO7VXIdILivE0Y1pgbLrlgRBicD3e7dRNSx1cCF1FEeOLzPLK
.AuuSGVQESwpixlWj8o01
Since you have not specified the salt in sha512_crypt.encrypt it makes a random one. This is the reason the hashes is different with the same password. The output format is $id$rounds$salt$hashed 


--
Kai Stian Olstad

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/576D5496.8040503%40olstad.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to