On Fri, 31 Mar 2023 at 06:42, Dick Visser <[email protected]> wrote: > > Looking at > https://help.ubuntu.com/community/Grub2/Passwords#Password_Encryption, it > seems that grub uses pbkdf2 with sha512, with a fixed number of 10000 rounds. > > IIRC python passlib supports that so it should be possible to generate with > the ansible password_hash filter: > https://docs.ansible.com/ansible/latest/collections/ansible/builtin/password_hash_filter.html
Actually, it's not that easy. I had previously created a filter to generate PBKDF2 hashes for the "mosquitto" application. Based on that I made a grub_mkpasswd_pbkdf2 filter: https://gist.github.com/dnmvisser/c567608193ad6bc1465b182e9a58bca7 Example on how to use it: dick.visser@foobar ~$ ansible -i localhost, all -m debug -a msg="{{ 'hackme' | grub_mkpasswd_pbkdf2 }}" localhost | SUCCESS => { "msg": "grub.pbkdf2.sha512.10000.380BF76393CDE1AB16ACE9F32AE6DB262FDD43021FEEEC1A94B87F14640F6D09D3D7DA61977BB7A4384766697148758D061E84FD5F81745EDDFF4E4B6C7DB0D0.92DC5B05FED969DB16BC4982B8B23B8B575D12E2ED776A911D7D47901DC5DDD8B4BAD65C535C33900321D050B8BE9BC2A6C3EDF96C1FB0825A0DC54BBBEB2F5B" } -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAF8BbLZ4TakZXYW0PxeBOm0XOSmcp2au7hwPqTr_Bn2kUEawUg%40mail.gmail.com.
