Manage the password database on BSD systems
salt.modules.bsd_shadow.
default_hash
()¶Returns the default hash used for unset passwords
CLI Example:
salt '*' shadow.default_hash
salt.modules.bsd_shadow.
info
(name)¶Return information for the specified user
CLI Example:
salt '*' shadow.info someuser
salt.modules.bsd_shadow.
set_change
(name, change)¶Sets the time at which the password expires (in seconds since the EPOCH). See man usermod on NetBSD and OpenBSD or man pw on FreeBSD. "0" means the password never expires.
CLI Example:
salt '*' shadow.set_change username 1419980400
salt.modules.bsd_shadow.
set_expire
(name, expire)¶Sets the time at which the account expires (in seconds since the EPOCH). See man usermod on NetBSD and OpenBSD or man pw on FreeBSD. "0" means the account never expires.
CLI Example:
salt '*' shadow.set_expire username 1419980400
salt.modules.bsd_shadow.
set_password
(name, password)¶Set the password for a named user. The password must be a properly defined hash. The password hash can be generated with this command:
python -c "import crypt; print crypt.crypt('password', ciphersalt)"
NOTE: When constructing the ciphersalt
string, you must
escape any dollar signs, to avoid them being interpolated by the shell.
'password'
is, of course, the password for which you want to generate
a hash.
ciphersalt
is a combination of a cipher identifier, an optional number
of rounds, and the cryptographic salt. The arrangement and format of these
fields depends on the cipher and which flavor of BSD you are using. For
more information on this, see the manpage for crpyt(3)
. On NetBSD,
additional information is available in passwd.conf(5)
.
It is important to make sure that a supported cipher is used.
CLI Example:
salt '*' shadow.set_password someuser '$1$UYCIxa628.9qXjpQCjM4a..'