salt.modules.win_shadow

Manage the shadow file

Important

If you feel that Salt should be using this module to manage passwords on a minion, and it is using a different module (or gives an error similar to 'shadow.info' is not available), see here.

salt.modules.win_shadow.info(name, password=None, **kwargs)

Return information for the specified user This is just returns dummy data so that salt states can work.

Parameters
  • name (str) -- The name of the user account to show.

  • password (str) --

    The password to verify. Default is None

    Note

    There is no way to compare hashes on a Windows password. The way to check passwords it to attempt a logon. If Salt can logon with password then that value will be returned as passwd.

Returns

A dictionary of information about the Windows password status

Return type

dict

Raises

CommandExecutionError -- If the user account is locked and you passed a password to check.

CLI Example:

salt '*' shadow.info Administrator
salt.modules.win_shadow.require_password_change(name)

Require the user to change their password the next time they log in.

Parameters

name -- The name of the user account to require a password change.

Returns

True if successful. False if unsuccessful.

Return type

bool

CLI Example:

salt '*' shadow.require_password_change <username>
salt.modules.win_shadow.set_expire(name, expire)

Set the expiration date for a user account.

Parameters
  • name -- The name of the user account to edit.

  • expire -- The date the account will expire.

Returns

True if successful. False if unsuccessful.

Return type

bool

CLI Example:

salt '*' shadow.set_expire <username> 2016/7/1
salt.modules.win_shadow.set_password(name, password)

Set the password for a named user.

Parameters
  • name (str) -- The name of the user account

  • password (str) -- The new password

Returns

True if successful. False if unsuccessful.

Return type

bool

CLI Example:

salt '*' shadow.set_password root mysecretpassword
salt.modules.win_shadow.unlock_account(name)

Unlocks a user account.

Parameters

name -- The name of the user account to unlock.

Returns

True if successful. False if unsuccessful.

Return type

bool

CLI Example:

salt '*' shadow.unlock_account <username>
salt.modules.win_shadow.verify_password(name, password, domain='.')

Checks a username/password combination. For use with the state system to verify the user password.

Note

An invalid password will generate a Logon Audit Failure event in the security log. A valid password will generate a Logon Audit Success event.

Warning

This essentially attempts to logon with the passed credentials and will therefore lock the account if it reaches the failed logon attempt threshold. If that happens, this function attempts to unlock the account. This has the side-effect of resetting the number of failed logon attempts to 0.

Parameters
  • name (str) -- The username to check

  • password (str) -- The password to check

  • domain (str) -- The name of the domain for the user. Default is '.'

Returns

True if password is valid, otherwise False

Return type

bool

Raises

CommandExecution -- If the user account is locked or an unknown error occurs

Example:

salt * shadow.verify_password spongebob P@ssW0rd