Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP


Allow plaintext password to be used #23

wants to merge 3 commits into from

2 participants


Databag encryption is dealt with elsewhere, so it seems alright that some folks might not care that the non-shadowhashed password is used from the databag.

Thinking maybe we could check:

Would regenerate each time chef runs, but don't think that would be an issue?

I'll try to test it out


This is absolutely ugly and not a final solution, but just wanted to get it working for now. In reality, this needs to go into the LWRP


Let me know if this looks alright, and I'll send in a patch for the README before merging :)


@patcon this can be implemented outside as a helper library and the resultant hash can be passed in to the lwrp. Sorry for getting back so late. I'm trying to get all the PRs reviewed and cut a release. Feel free to reopen if you have other suggestion

@ranjib ranjib closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Oct 29, 2012
  1. @patcon
Commits on Oct 30, 2012
  1. @patcon
Commits on Nov 20, 2012
  1. @patcon
This page is out of date. Refresh to see the latest.
16 providers/account.rb
@@ -23,11 +23,23 @@ def load_current_resource
@my_home = new_resource.home ||
@my_shell = || node['user']['default_shell']
+ @my_password = if bool(new_resource.use_plaintext, node['user']['use_plaintext'])
+ generate_hash_from_plaintext(new_resource.password || node['user']['password'])
+ else
+ new_resource.password || node['user']['password']
+ end
@manage_home = bool(new_resource.manage_home, node['user']['manage_home'])
@create_group = bool(new_resource.create_group, node['user']['create_group'])
@ssh_keygen = bool(new_resource.ssh_keygen, node['user']['ssh_keygen'])
+def generate_hash_from_plaintext(plaintext_password)
+ require 'digest/sha2'
+ salt = rand(36**8).to_s(36)
+ shadow_hash = plaintext_password.crypt("$6$" + salt)
+ return shadow_hash
action :create do
user_resource :create
dir_resource :create
@@ -89,7 +101,7 @@ def normalize_bool(val)
def user_resource(exec_action)
# avoid variable scoping issues in resource block
- my_home, my_shell, manage_home = @my_home, @my_shell, @manage_home
+ my_home, my_shell, manage_home, my_password = @my_home, @my_shell, @manage_home, @my_password
r = user new_resource.username do
comment new_resource.comment if new_resource.comment
@@ -97,7 +109,7 @@ def user_resource(exec_action)
gid new_resource.gid if new_resource.gid
home my_home if my_home
shell my_shell if my_shell
- password new_resource.password if new_resource.password
+ password my_password if my_password
system new_resource.system_user
supports :manage_home => manage_home
action :nothing
2  recipes/data_bag.rb
@@ -34,7 +34,7 @@
username = u['username'] || u['id']
user_account username do
- %w{comment uid gid home shell password system_user manage_home create_group
+ %w{comment uid gid home shell password use_plaintext system_user manage_home create_group
ssh_keys ssh_keygen}.each do |attr|
send(attr, u[attr]) if u[attr]
1  resources/account.rb
@@ -28,6 +28,7 @@
attribute :home, :kind_of => String
attribute :shell, :kind_of => String
attribute :password, :kind_of => String
+attribute :use_plaintext, :default => nil
attribute :system_user, :default => false
attribute :manage_home, :default => nil
attribute :create_group, :default => nil
Something went wrong with that request. Please try again.