{"id":1311,"date":"2012-07-17T01:59:35","date_gmt":"2012-07-16T23:59:35","guid":{"rendered":"http:\/\/raftaman.net\/?p=1311"},"modified":"2021-05-15T11:46:39","modified_gmt":"2021-05-15T09:46:39","slug":"generating-puppet-password-hashes","status":"publish","type":"post","link":"https:\/\/possiblelossofprecision.net\/?p=1311","title":{"rendered":"Generating puppet password hashes"},"content":{"rendered":"

Puppet needs user passwords in configuration files to be encrypted in the format the local system expects. For Linux and most unix-like system, that means, you have to put the sha1 sum of the password into the configuration file.<\/p>\n

There are quite a few ways to generate those password hashes, e.g.<\/p>\n

\r\n$ openssl passwd -1\r\n  Password: \r\n  Verifying - Password: \r\n  $1$HTQx9U32$T6.lLkYxCp3F\/nGc4DCYM\/\r\n<\/pre>\n
You can then take the hash string and use it as password in a puppet configuration (e.g. http:\/\/docs.puppetlabs.com\/references\/stable\/type.html#user<\/a>)<\/p>\n
\r\nuser { 'root':\r\n  ensure           => 'present',\r\n  password         => '$1$HTQx9U32$T6.lLkYxCp3F\/nGc4DCYM\/',\r\n}\r\n<\/pre>\n
Be sure to put the password in single quotes<\/strong> if it contains a dollar sign ($) to ensure that puppet does interpret those as variables.<\/p>\n
Update:<\/strong><\/p>\n
MD5<\/a> hashes are not considered secure. In a production environment you most likely want to use a different hash function like SHA-512<\/a>. To generate a SHA-512 hash, run<\/p>\n
\r\n$ python -c 'import crypt; print crypt.crypt("password", "$6$salt")'\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
Puppet needs user passwords in configuration files to be encrypted in the format the local system expects. For Linux and most unix-like system, that means, you have to put the sha1 sum of the password into the configuration file. There are quite a few ways to generate those password hashes, e.g. $ openssl passwd -1 Password: Verifying – Password: $1$HTQx9U32$T6.lLkYxCp3F\/nGc4DCYM\/… Read more »<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[49],"class_list":["post-1311","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-puppet"],"_links":{"self":[{"href":"https:\/\/possiblelossofprecision.net\/index.php?rest_route=\/wp\/v2\/posts\/1311","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/possiblelossofprecision.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/possiblelossofprecision.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/possiblelossofprecision.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/possiblelossofprecision.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1311"}],"version-history":[{"count":8,"href":"https:\/\/possiblelossofprecision.net\/index.php?rest_route=\/wp\/v2\/posts\/1311\/revisions"}],"predecessor-version":[{"id":2666,"href":"https:\/\/possiblelossofprecision.net\/index.php?rest_route=\/wp\/v2\/posts\/1311\/revisions\/2666"}],"wp:attachment":[{"href":"https:\/\/possiblelossofprecision.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1311"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/possiblelossofprecision.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1311"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/possiblelossofprecision.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1311"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}