shadow
is a virtual module that is fulfilled by one of the following
modules:
Execution Module | Used for |
---|---|
shadow |
Linux |
bsd_shadow |
FreeBSD, OpenBSD, NetBSD |
solaris_shadow |
Solaris-based OSes |
win_shadow |
Windows |
Manage the shadow file on Linux systems
Important
If you feel that Salt should be using this module to manage passwords on a minion, and it is using a different module (or gives an error similar to 'shadow.info' is not available), see here.
salt.modules.shadow.
default_hash
()¶Returns the default hash used for unset passwords
CLI Example:
salt '*' shadow.default_hash
salt.modules.shadow.
del_password
(name)¶New in version 2014.7.0.
Delete the password from name user
CLI Example:
salt '*' shadow.del_password username
salt.modules.shadow.
gen_password
(password, crypt_salt=None, algorithm='sha512')¶New in version 2014.7.0.
Generate hashed password
Note
When called this function is called directly via remote-execution, the password argument may be displayed in the system's process list. This may be a security risk on certain systems.
The following hash algorithms are supported:
CLI Example:
salt '*' shadow.gen_password 'I_am_password'
salt '*' shadow.gen_password 'I_am_password' crypt_salt='I_am_salt' algorithm=sha256
salt.modules.shadow.
info
(name)¶Return information for the specified user
CLI Example:
salt '*' shadow.info root
salt.modules.shadow.
set_date
(name, date)¶Sets the value for the date the password was last changed to days since the epoch (January 1, 1970). See man chage.
CLI Example:
salt '*' shadow.set_date username 0
salt.modules.shadow.
set_expire
(name, expire)¶Changed in version 2014.7.0.
Sets the value for the date the account expires as days since the epoch (January 1, 1970). Using a value of -1 will clear expiration. See man chage.
CLI Example:
salt '*' shadow.set_expire username -1
salt.modules.shadow.
set_inactdays
(name, inactdays)¶Set the number of days of inactivity after a password has expired before the account is locked. See man chage.
CLI Example:
salt '*' shadow.set_inactdays username 7
salt.modules.shadow.
set_maxdays
(name, maxdays)¶Set the maximum number of days during which a password is valid. See man chage.
CLI Example:
salt '*' shadow.set_maxdays username 90
salt.modules.shadow.
set_mindays
(name, mindays)¶Set the minimum number of days between password changes. See man chage.
CLI Example:
salt '*' shadow.set_mindays username 7
salt.modules.shadow.
set_password
(name, password, use_usermod=False)¶Set the password for a named user. The password must be a properly defined hash. The password hash can be generated with this command:
python -c "import crypt; print crypt.crypt('password',
'\$6\$SALTsalt')"
SALTsalt
is the 8-character crpytographic salt. Valid characters in the
salt are .
, /
, and any alphanumeric character.
Keep in mind that the $6 represents a sha512 hash, if your OS is using a different hashing algorithm this needs to be changed accordingly
CLI Example:
salt '*' shadow.set_password root '$1$UYCIxa628.9qXjpQCjM4a..'
salt.modules.shadow.
set_warndays
(name, warndays)¶Set the number of days of warning before a password change is required. See man chage.
CLI Example:
salt '*' shadow.set_warndays username 7