You are viewing docs from a branch that is no longer active. You might want to view docs for the 2015.8.x release instead.

salt.modules.shadow¶

Manage the shadow file

salt.modules.shadow.default_hash()¶

Returns the default hash used for unset passwords

CLI Example:

salt '*' shadow.default_hash

salt.modules.shadow.del_password(name)¶

Delete the password from name user

CLI Example:

salt '*' shadow.del_password username

salt.modules.shadow.gen_password(password, crypt_salt=None, algorithm='sha512')¶

Generate hashed password

password

Plaintext password to be hashed.

crypt_salt

Crpytographic salt. If not given, a random 8-character salt will be generated.

algorithm

The following hash algorithms are supported:

CLI Example:

salt '*' shadow.gen_password 'I_am_password'
salt '*' shadow.gen_password 'I_am_password' crypt_salt'I_am_salt' algorithm=sha256

salt.modules.shadow.info(name)¶

Return information for the specified user

CLI Example:

salt '*' shadow.info root

salt.modules.shadow.set_date(name, date)¶

Sets the value for the date the password was last changed to days since the epoch (January 1, 1970). See man chage.

CLI Example:

salt '*' shadow.set_date username 0

salt.modules.shadow.set_expire(name, expire)¶

Changed in version 2014.7.0.

Sets the value for the date the account expires as days since the epoch (January 1, 1970). Using a value of -1 will clear expiration. See man chage.

CLI Example:

salt '*' shadow.set_expire username -1

salt.modules.shadow.set_inactdays(name, inactdays)¶

Set the number of days of inactivity after a password has expired before the account is locked. See man chage.

CLI Example:

salt '*' shadow.set_inactdays username 7

salt.modules.shadow.set_maxdays(name, maxdays)¶

Set the maximum number of days during which a password is valid. See man chage.

CLI Example:

salt '*' shadow.set_maxdays username 90

salt.modules.shadow.set_mindays(name, mindays)¶

Set the minimum number of days between password changes. See man chage.

CLI Example:

salt '*' shadow.set_mindays username 7

salt.modules.shadow.set_password(name, password, use_usermod=False)¶

Set the password for a named user. The password must be a properly defined hash. The password hash can be generated with this command:

python -c "import crypt; print crypt.crypt('password', '\$6\$SALTsalt')"

SALTsalt is the 8-character crpytographic salt. Valid characters in the salt are ., /, and any alphanumeric character.

Keep in mind that the $6 represents a sha512 hash, if your OS is using a different hashing algorithm this needs to be changed accordingly

CLI Example:

salt '*' shadow.set_password root '$1$UYCIxa628.9qXjpQCjM4a..'

salt.modules.shadow.set_warndays(name, warndays)¶

Set the number of days of warning before a password change is required. See man chage.

CLI Example:

salt '*' shadow.set_warndays username 7