1

Why Wont This User/Password Work?

asked 2014-02-01 21:52:37 -0500

opticyclic

I am using Windows 7 and Vagrant to provision precise64. I have this in my puppet file.

user { "test":
    ensure => present,
    managehome => true,
    password => sha1('test'),
    groups => ["admin"],
    shell => "/bin/bash";
}

After vagrant up I do ssh test@testvm and try to use the password test but it fails with Permission Denied.

/etc/shadow looks like this

test:!:16103:0:99999:7:::

I seem to be doing everything that the documentation states: http://docs.puppetlabs.com/references/latest/type.html#user-attribute-password

Most modern Unix-like systems use salted SHA1 password hashes. You can use Puppet’s built-in sha1 function to generate ...


Comments

I am not sure this is causing your problem or not but you might want to try shell => "/bin/bash", instead of shell => "/bin/bash";. Note the ;.

Red Cricket ( 2014-02-02 12:54:28 -0500 )

@red-cricket the semicolon is a valid way to end the stanza.

ramindk ( 2014-02-02 17:09:09 -0500 )

4 Answers

1

answered 2014-02-12 20:10:44 -0500

AronR

updated 2014-02-18 19:05:57 -0500

This may or may not pertain to your Precise64 box ... however with Fedora 20 and Ubuntu Server 13.10 (also both 64-bit), it appeared both used the Unix password hash function, crypt, to create salted, SHA-512 hashes that work with their shadow password systems.

Following their approach, via a technique similar to the following, I was able to generate a string for the password => attribute in a user resource that successfully created users with initial passwords on both of these Linux distros, to the extent that:

  • SSH logins using those passwords were successful (assuming the requisite SSH/firewall access).
  • Changing ...
0

answered 2014-02-03 02:51:01 -0500

Marcus

Hi,

One thing to consider is your settings in /etc/login.defs, and there is /etc/pam.d/system-auth.

I've got a box here with a recent CentOS and it's got its password settings configured to SHA512:

~# tail /etc/login.defs
# Use SHA512 to encrypt password.
ENCRYPT_METHOD SHA512

~# grep -i sha /etc/pam.d/system-auth
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok

So, it looks like you're generating the wrong type of hash for the account.

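A pre-flight check for the point made in the answers above, as an added example (not code from the question, the answers or Puppet): it classifies an /etc/shadow password field, or a value meant for the password => attribute, and shows that a bare SHA-1 hex digest is not a crypt-format hash. The function names and the $6$ sample value are constructed for illustration.

```ruby
require 'digest'

# crypt(3) scheme ids commonly seen in /etc/shadow (not exhaustive).
CRYPT_SCHEMES = {
  '1' => 'MD5-crypt', '5' => 'SHA-256-crypt', '6' => 'SHA-512-crypt',
  '2a' => 'bcrypt', '2b' => 'bcrypt', '2y' => 'bcrypt', 'y' => 'yescrypt'
}.freeze

# Return the password field (second of nine) from one /etc/shadow line.
def shadow_password_field(line)
  fields = line.chomp.split(':', -1)
  raise ArgumentError, "expected 9 fields, got #{fields.size}" unless fields.size == 9
  fields[1]
end

# Classify a shadow password field, or a value intended for the Puppet
# user resource's password attribute (hypothetical helper).
def classify_shadow_field(field)
  locked = field.start_with?('!')
  body = field.sub(/\A!+/, '')
  result =
    if field.empty?
      { state: :empty }                  # empty field: no password required
    elsif body.empty? || body == '*'
      { state: :locked_no_hash }         # nothing a typed password can match
    elsif (m = body.match(/\A\$([0-9a-z]+)\$/))
      { state: :crypt_hash, scheme: CRYPT_SCHEMES.fetch(m[1], "unknown id #{m[1]}") }
    elsif body.match?(/\A\h{32,128}\z/)
      { state: :raw_hex_digest }         # e.g. sha1('test'): not crypt(3) format
    elsif body.match?(%r{\A[./0-9A-Za-z]{13}\z})
      { state: :crypt_hash, scheme: 'traditional DES crypt' }
    else
      { state: :unrecognized }
    end
  result.merge(locked: locked)
end

if __FILE__ == $PROGRAM_NAME
  samples = {
    'shadow line from the question'   => shadow_password_field('test:!:16103:0:99999:7:::'),
    "sha1('test') as a raw digest"    => Digest::SHA1.hexdigest('test'),
    'constructed SHA-512 crypt value' => '$6$examplesalt$' + 'A' * 86
  }
  samples.each { |label, value| puts "#{label}: #{classify_shadow_field(value)}" }
end
```
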
0

answered 2014-02-02 17:07:48 -0500

ramindk

I put your code into a test.pp file and ran sudo puppet apply test.pp on a Linux machine and got the expected output with a sha1 password.

It's not clear from your question, but are you using Windows as the master? It's possible that there aren't SHA1 functions on the master which is why the password field is empty in the catalog.


Comments

I am using Windows 7 as the master. As mentioned in the question, the puppet docs say that sha1 is built in though.

opticyclic ( 2014-04-21 10:29:45 -0500 )
0

answered 2014-02-03 00:19:14 -0500

spuder

This isn't a puppet problem, it is due to the way that vagrant boxes set up ssh access.

Try and make a new user manually on the vagrant box, and you will find that they are unable to log in.

vagrant ssh
useradd foo -m
sudo passwd foo
exit

vagrant ssh foo@192.168.x.x
# This will fail.

You will need to play with the vagrant settings to allow the new user to log in.
http://docs.vagrantup.com/v2/vagrantfile/ssh_settings.html

As a side note, while ending with a ; is valid syntax, it does not conform to puppet-lint standards.


Comments

Neither the style guide nor puppet-lint have a problem ending a stanza for a single resource with a semi-colon, though the style guide does frown about multiple declarations within a ...

ramindk ( 2014-02-03 01:22:25 -0500 )

Stats

Asked: 2014-02-01 21:52:37 -0500

Seen: 3,513 times

Last updated: Feb 18 '14