upstream/ansible
1
0
Fork 0
mirror of https://github.com/ansible/ansible.git synced 2026-02-18 18:29:39 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Docs: Clarify user module behavior for invalid password hashes (#85838)

Browse source 
Signed-off-by: Abhijeet Kasurde <Akasurde@redhat.com>
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
This commit is contained in:
Simon Chernyk 2026-02-17 15:45:23 +03:00 committed by GitHub
parent 8730acbb2d
commit d6f719429b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
lib/ansible/modules/user.py
View file

@ -93,6 +93,9 @@ options:
- B(Linux/Unix/POSIX:) Enter the hashed password as the value.
- See L(FAQ entry,https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-encrypted-passwords-for-the-user-module)
for details on various ways to generate the hash of a password.
- The module writes the value directly to C(/etc/shadow) without any validation. Because the module cannot verify the user input,
providing an invalid value will likely result in authentication failure.
However, this behaviour can be utilized intentionally to lock a user account.
- To create an account with a locked/disabled password on Linux systems, set this to V('!') or V('*').
- To create an account with a locked/disabled password on OpenBSD, set this to V('*************').
- B(OS X/macOS:) Enter the cleartext password as the value. Be sure to take relevant security precautions.