by ohlol
6154 days ago
D'oh, upvoted instead of clicking reply =( What I mean is that in order to manage user accounts, the management tool (Puppet) will have to know what the encrypted password is so it can insert it into /etc/shadow. Otherwise you have no password and must rely on NOPASSWD in sudoers if you want to log into that managed machine and use sudo. If the system doesn't have a password for you in /etc/shadow, sudo can't authenticate you via getpwent or whatever. So your only two options are to write a tool for users to update their password in Puppet directly/indirectly, or allow NOPASSWD and religiously check for empty passphrases on SSH keypairs.
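An audit of the situation the comment describes, as an added example that is not part of the original post: it cross-checks sudoers rules against /etc/shadow to find accounts whose rule needs a password that was never set, and accounts that depend on NOPASSWD. It assumes sudo authenticates against the local shadow hash; the function names, the simplified sudoers parsing and the sample data are constructed for illustration.

```python
# Constructed sample data; the hash strings are placeholders, not real hashes.
SHADOW = """\
root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
alice:$6$constructedsalt$constructedhash:19000:0:99999:7:::
bob:!:19000:0:99999:7:::
carol:*:19000:0:99999:7:::
"""
SUDOERS = """\
Defaults env_reset
root  ALL=(ALL) ALL
alice ALL=(ALL) ALL
bob   ALL=(ALL) ALL
carol ALL=(ALL) NOPASSWD: ALL
"""

def usable_hash(field):
    # Assumption: empty, "!..." and "*..." fields give sudo nothing to verify against.
    return bool(field) and not field.startswith(("!", "*"))

def parse_shadow(text):
    # user -> password field (second colon-separated column of /etc/shadow)
    return {l.split(":")[0]: l.split(":")[1] for l in text.splitlines() if ":" in l}

def parse_sudoers(text):
    # user -> True when every rule for that user carries NOPASSWD.
    # Simplified: plain user rules only; Defaults, aliases, groups, includes are skipped.
    rules = {}
    for line in map(str.strip, text.splitlines()):
        if (not line or line.startswith(("#", "@", "%", "Defaults"))
                or "_Alias" in line or len(line.split()) < 2):
            continue
        user, spec = line.split(None, 1)
        rules[user] = rules.get(user, True) and "NOPASSWD:" in spec
    return rules

def audit(shadow_text, sudoers_text):
    shadow = parse_shadow(shadow_text)
    report = {}
    for user, all_nopasswd in parse_sudoers(sudoers_text).items():
        if all_nopasswd:
            report[user] = "nopasswd"  # sudo never prompts; the SSH key is the only factor
        elif usable_hash(shadow.get(user, "")):
            report[user] = "ok"
        else:
            report[user] = "cannot-authenticate"  # rule needs a password, none is set
    return report

if __name__ == "__main__":
    for user, state in audit(SHADOW, SUDOERS).items():
        print(f"{user}: {state}")
```

Accounts reported as `nopasswd` are the ones whose SSH key passphrases matter most, since the key is all that stands between a login and root.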