salt.modules.solaris_shadow

Manage the password database on Solaris systems

Important

If you feel that Salt should be using this module to manage passwords on a minion, and it is using a different module (or gives an error similar to 'shadow.info' is not available), see here.

salt.modules.solaris_shadow.default_hash()

Returns the default hash used for unset passwords

CLI Example:

salt '*' shadow.default_hash
salt.modules.solaris_shadow.del_password(name)

New in version 2015.8.8.

Delete the password from name user

CLI Example:

salt '*' shadow.del_password username
salt.modules.solaris_shadow.gen_password(password, crypt_salt=None, algorithm='sha512')

New in version 2015.8.8.

Generate hashed password

Note

When called this function is called directly via remote-execution, the password argument may be displayed in the system's process list. This may be a security risk on certain systems.

password

Plaintext password to be hashed.

crypt_salt

Crpytographic salt. If not given, a random 8-character salt will be generated.

algorithm

The following hash algorithms are supported:

  • md5

  • blowfish (not in mainline glibc, only available in distros that add it)

  • sha256

  • sha512 (default)

CLI Example:

salt '*' shadow.gen_password 'I_am_password'
salt '*' shadow.gen_password 'I_am_password' crypt_salt='I_am_salt' algorithm=sha256
salt.modules.solaris_shadow.info(name)

Return information for the specified user

CLI Example:

salt '*' shadow.info root
salt.modules.solaris_shadow.set_maxdays(name, maxdays)

Set the maximum number of days during which a password is valid. See man passwd.

CLI Example:

salt '*' shadow.set_maxdays username 90
salt.modules.solaris_shadow.set_mindays(name, mindays)

Set the minimum number of days between password changes. See man passwd.

CLI Example:

salt '*' shadow.set_mindays username 7
salt.modules.solaris_shadow.set_password(name, password)

Set the password for a named user. The password must be a properly defined hash, the password hash can be generated with this command: openssl passwd -1 <plaintext password>

CLI Example:

salt '*' shadow.set_password root $1$UYCIxa628.9qXjpQCjM4a..
salt.modules.solaris_shadow.set_warndays(name, warndays)

Set the number of days of warning before a password change is required. See man passwd.

CLI Example:

salt '*' shadow.set_warndays username 7