How to disable user's password via puppet securely?

password puppet linux user-management

The shadow(5) man pages says

If the password field contains some string that is not a valid result of crypt(3), for instance ! or *, the user will not be able to use a unix password to log in (but the user may log in the system by other means).

So yes it is safe to use a *. The ! a the first character of an encrypted password is used by passwd(1) to indicate that a password is locked (passwd -l) and this can be unlocked (passwd -u).

Related

Evaluating current ACEs on NTFS ACLs with PowerShell
How to invalidate nginx reverse proxy cache in front of other nginx servers?
AWS: Should my EC2 and RDS instances be in the same Availability Zone?
Why not assign the hostname to the loopback address in /etc/hosts?
pip install seems to be ignoring dependency links
How to log multiline message with logger command?
Monit failing to connect to Dovecot over SSL IMAP
HAProxy set acl with hosts from file
why is php-fpm running as nobody?
Job Control/background process (using ampersand) in .ebextensions config commands
Has Windows Server Backup's Disk Space Management Changed in Server 2012?
How do I get notified on a failed deployment to azure?