Manage the password database on BSD systems
Important
If you feel that Salt should be using this module to manage passwords on a minion, and it is using a different module (or gives an error similar to 'shadow.info' is not available), see here.
salt.modules.bsd_shadow.
default_hash
()¶Returns the default hash used for unset passwords
CLI Example:
salt '*' shadow.default_hash
salt.modules.bsd_shadow.
del_password
(name)¶New in version 2015.8.2.
Delete the password from name user
CLI Example:
salt '*' shadow.del_password username
salt.modules.bsd_shadow.
gen_password
(password, crypt_salt=None, algorithm='sha512')¶Generate hashed password
Note
When called this function is called directly via remote-execution, the password argument may be displayed in the system's process list. This may be a security risk on certain systems.
Plaintext password to be hashed.
Crpytographic salt. If not given, a random 8-character salt will be generated.
The following hash algorithms are supported:
md5
blowfish (not in mainline glibc, only available in distros that add it)
sha256
sha512 (default)
CLI Example:
salt '*' shadow.gen_password 'I_am_password'
salt '*' shadow.gen_password 'I_am_password' crypt_salt='I_am_salt' algorithm=sha256
salt.modules.bsd_shadow.
info
(name)¶Return information for the specified user
CLI Example:
salt '*' shadow.info someuser
salt.modules.bsd_shadow.
set_change
(name, change)¶Sets the time at which the password expires (in seconds since the UNIX
epoch). See man 8 usermod
on NetBSD and OpenBSD or man 8 pw
on
FreeBSD.
A value of 0
sets the password to never expire.
CLI Example:
salt '*' shadow.set_change username 1419980400
salt.modules.bsd_shadow.
set_expire
(name, expire)¶Sets the time at which the account expires (in seconds since the UNIX
epoch). See man 8 usermod
on NetBSD and OpenBSD or man 8 pw
on
FreeBSD.
A value of 0
sets the account to never expire.
CLI Example:
salt '*' shadow.set_expire username 1419980400
salt.modules.bsd_shadow.
set_password
(name, password)¶Set the password for a named user. The password must be a properly defined
hash. A password hash can be generated with gen_password()
.
It is important to make sure that a supported cipher is used.
CLI Example:
salt '*' shadow.set_password someuser '$1$UYCIxa628.9qXjpQCjM4a..'