So, I set the password manually with passwd and got an entirely different hash than when I use the pw_hash function. The salt is obviously different as well, but the rest of /etc/shadow entry is the same. ssh user@localhost works with the password when I set manually with passwd, and does not work with pw_hash - not surprisingly. I tried lowercase sha-512, and got the same hash as with uppercase SHA-512. Both methods (working manual passwd, and non working pw_hash) start with $6$ which implies a sha-512 hash from the docs, so I think pw_hash is just broken for EL7. Which means the user resource is broken.
I guess temporarily, I'll just set the hash as a string and generate it with passwd, and see if that works - but it's obviously not ideal. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/64419ef7-6d5b-4028-8548-194ea8fae8c7%40googlegroups.com.
