salt.modules.bsd_shadow

Manage the password database on BSD systems

salt.modules.bsd_shadow.default_hash()

Returns the default hash used for unset passwords

CLI Example:

salt '*' shadow.default_hash
salt.modules.bsd_shadow.info(name)

Return information for the specified user

CLI Example:

salt '*' shadow.info someuser
salt.modules.bsd_shadow.set_change(name, change)

Sets the time at which the password expires (in seconds since the EPOCH). See man usermod on NetBSD and OpenBSD or man pw on FreeBSD. "0" means the password never expires.

CLI Example:

salt '*' shadow.set_change username 1419980400
salt.modules.bsd_shadow.set_expire(name, expire)

Sets the time at which the account expires (in seconds since the EPOCH). See man usermod on NetBSD and OpenBSD or man pw on FreeBSD. "0" means the account never expires.

CLI Example:

salt '*' shadow.set_expire username 1419980400
salt.modules.bsd_shadow.set_password(name, password)

Set the password for a named user. The password must be a properly defined hash. The password hash can be generated with this command:

python -c "import crypt; print crypt.crypt('password', ciphersalt)"

NOTE: When constructing the ciphersalt string, you must escape any dollar signs, to avoid them being interpolated by the shell.

'password' is, of course, the password for which you want to generate a hash.

ciphersalt is a combination of a cipher identifier, an optional number of rounds, and the cryptographic salt. The arrangement and format of these fields depends on the cipher and which flavor of BSD you are using. For more information on this, see the manpage for crpyt(3). On NetBSD, additional information is available in passwd.conf(5).

It is important to make sure that a supported cipher is used.

CLI Example:

salt '*' shadow.set_password someuser '$1$UYCIxa628.9qXjpQCjM4a..'