salt.modules.bsd_shadow

Manage the password database on BSD systems

salt.modules.bsd_shadow.default_hash()

Returns the default hash used for unset passwords

CLI 范例:

salt '*' shadow.default_hash
salt.modules.bsd_shadow.del_password(name)

2015.8.2 新版功能.

Delete the password from name user

CLI 范例:

salt '*' shadow.del_password username
salt.modules.bsd_shadow.info(name)

Return information for the specified user

CLI 范例:

salt '*' shadow.info someuser
salt.modules.bsd_shadow.set_change(name, change)

Sets the time at which the password expires (in seconds since the UNIX epoch). See man 8 usermod on NetBSD and OpenBSD or man 8 pw on FreeBSD.

A value of 0 sets the password to never expire.

CLI 范例:

salt '*' shadow.set_change username 1419980400
salt.modules.bsd_shadow.set_expire(name, expire)

Sets the time at which the account expires (in seconds since the UNIX epoch). See man 8 usermod on NetBSD and OpenBSD or man 8 pw on FreeBSD.

A value of 0 sets the account to never expire.

CLI 范例:

salt '*' shadow.set_expire username 1419980400
salt.modules.bsd_shadow.set_password(name, password)

Set the password for a named user. The password must be a properly defined hash. The password hash can be generated with this command:

python -c "import crypt; print crypt.crypt('password', ciphersalt)"

注解

When constructing the ciphersalt string, you must escape any dollar signs, to avoid them being interpolated by the shell.

'password' is, of course, the password for which you want to generate a hash.

ciphersalt is a combination of a cipher identifier, an optional number of rounds, and the cryptographic salt. The arrangement and format of these fields depends on the cipher and which flavor of BSD you are using. For more information on this, see the manpage for crpyt(3). On NetBSD, additional information is available in passwd.conf(5).

It is important to make sure that a supported cipher is used.

CLI 范例:

salt '*' shadow.set_password someuser '$1$UYCIxa628.9qXjpQCjM4a..'