How can I have Puppet only set password when creating a user?
I want Puppet not to manage a password (i.e., reset it when it's changed) but to set the initial password when Puppet creates the user.
I was thinking of doing a notify to an Exec resource that sets the password but this is triggered when any property that Puppet manages is modified (e.g., group membership, home directory, etc.). I do not want that.
Any ideas?
Puppet itself doesn't natively support "set password at user creation but not otherwise".
One option would be to set up an external auth source, such as LDAP.
Another would be your notify to an Exec idea, but then make the Exec a little smarter.
    # Set the password only while the shadow entry still starts with '*' or '!'
    exec {
      "/usr/sbin/usermod -p '${password}' ${user}":
        onlyif  => "/bin/egrep -q '^${user}:[*!]' /etc/shadow",
        require => User[$user];
    }
I haven't tested that, but by checking if the password hasn't been set in the Exec resource, you should get the result you were looking for. I think set up that way, the notify/refreshonly stuff isn't necessary, but probably wouldn't hurt.
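
What the `onlyif` guard in the answer above matches, run against constructed `/etc/shadow` entries. This is an added example, not part of the original answer; `strict_guard`, the helper names and the sample accounts are assumptions of this example, and `grep -E` stands in for the answer's `egrep`.

```shell
#!/bin/sh
# Constructed sample shadow entries (no real accounts or hashes).
make_sample_shadow() {  # usage: make_sample_shadow FILE
    cat > "$1" <<'EOF'
newuser:!:19700:0:99999:7:::
rheluser:!!:19700:0:99999:7:::
svc:*:19700:0:99999:7:::
alice:$6$constructedsalt$constructedhash:19700:0:99999:7:::
locked:!$6$constructedsalt$constructedhash:19700:0:99999:7:::
blank::19700:0:99999:7:::
EOF
}

# The answer's guard: succeeds when the password field STARTS with '*' or '!'.
answer_guard() {  # usage: answer_guard USER SHADOW_FILE
    grep -Eq "^$1:[*!]" "$2"
}

# Stricter variant (assumption of this example): succeeds only when the whole
# field consists of '!' / '*' characters, i.e. no hash is stored at all.
strict_guard() {  # usage: strict_guard USER SHADOW_FILE
    grep -Eq "^$1:[*!]+:" "$2"
}

# Print which guard would let the Exec run for each sample account.
report() {  # usage: report SHADOW_FILE
    for u in newuser rheluser svc alice locked blank; do
        a=no; s=no
        answer_guard "$u" "$1" && a=yes
        strict_guard "$u" "$1" && s=yes
        printf '%-9s answer_guard=%-3s strict_guard=%s\n' "$u" "$a" "$s"
    done
}

tmp=$(mktemp)
make_sample_shadow "$tmp"
report "$tmp"
rm -f "$tmp"
```

The `locked` entry, an account locked after its password was set, still satisfies the answer's guard, so the Exec would run `usermod -p` for it again; the stricter pattern skips it. Neither pattern matches an empty password field.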