User story #3435
closedPassword not optional in "User management" technique
Description
Cfengine tries to set a new line as password, when password is not set in the "User management" technique:
!! Finished command related to promiser "/bin/echo -e "\n" | /usr/bin/passwd foo" -- an error occurred (returned 10) Q: ".../bin/echo -e "\": Enter new UNIX password: Retype new UNIX password: passwd: Authentication token manipulation error !! Finished command related to promiser "/bin/echo -e "\n" | /usr/bin/passwd bar" -- an error occurred (returned 10) Q: ".../bin/echo -e "\": Enter new UNIX password: Retype new UNIX password: passwd: Authentication token manipulation error
Updated by Nicolas PERRON over 11 years ago
- Target version changed from 2.5.2 to 2.5.3
Updated by Vincent MEMBRÉ over 11 years ago
- Category set to Techniques
- Status changed from New to 8
- Assignee set to Jonathan CLARKE
We should probably add a way to add user without password.
I see two ways to handle this:
- Add a checkbox to create a user without password.
The form should not be validated if the field is empty and the checkbox is unchecked
- Handle the empty case of that field to create a user with an empty password.
Updated by Jonathan CLARKE over 11 years ago
- Assignee changed from Jonathan CLARKE to Dennis Cabooter
This brings up the interesting question of what the intent is here. When you define a Directive to create a user without a password, does this mean:
a) Create the user with an empty password, so just typing in the login name lets you log in
b) Create the user but without a password, so that he can't login
c) Something else?
Dennis, what do you think? What was your original use case when using this?
Updated by Jonathan CLARKE over 11 years ago
Actually, #3461 just introduced a version 2.0 of this Technique, that no longer echoes strings through the passwd command, but instead does the hashing when you enter the password in the web UI (so it is never stored in cleartext). This is available in the 2.6.0 release of Rudder (or will be when it's released later today).
This doesn't fix the bug you describe in version 1.0, but since the code has been replaced in version 2.0 it will no longer apply. We still need to work around this in 1.0.
Updated by Dennis Cabooter over 11 years ago
My original use case is to create a user with a ssh key. This user doesn't need a password. I propose that, if the password field is left emtpy, a random password will be set for the user.
Updated by Dennis Cabooter over 11 years ago
I'm using Rudder 2.5 in production, and afaik it is recommended to not use 2.6 in production yet.
Updated by Nicolas PERRON over 11 years ago
- Target version changed from 2.5.3 to 2.5.4
Updated by Matthieu CERDA over 11 years ago
- Status changed from 8 to In progress
- Assignee changed from Dennis Cabooter to Matthieu CERDA
- Priority changed from N/A to 2
Updated by Matthieu CERDA over 11 years ago
- Status changed from In progress to 8
- Assignee deleted (
Matthieu CERDA)
I tried to work a bit on this, but this is complicated and I do not currently have the ressources to finish this. It should impact even the old versions (2.3).
Updated by Nicolas PERRON over 11 years ago
- Target version changed from 2.5.4 to 2.5.5
Updated by Jonathan CLARKE over 11 years ago
- Project changed from Rudder to 24
- Category changed from Techniques to Techniques
Updated by Nicolas PERRON over 11 years ago
- Target version changed from 2.5.5 to 2.5.6
Updated by Nicolas PERRON over 11 years ago
- Target version changed from 2.5.6 to 2.4.8
This is not specific to Rudder 2.5, it should happen Rudder 2.4 too. I suppose #3844 will fix this issue even if this is not directly related.
Updated by Nicolas PERRON over 11 years ago
- Target version changed from 2.4.8 to 2.4.9
Updated by Nicolas PERRON about 11 years ago
- Target version changed from 2.4.9 to 2.4.10
Updated by Nicolas PERRON about 11 years ago
- Target version changed from 2.4.10 to 2.4.11
Updated by Nicolas PERRON about 11 years ago
- Target version changed from 2.4.11 to 2.4.12
Updated by Nicolas PERRON about 11 years ago
- Target version changed from 2.4.12 to 2.4.13
Updated by Vincent MEMBRÉ almost 11 years ago
- Target version changed from 2.4.13 to 2.6.11
Since 2.4 is not maintained anymore, retargeting to branch 2.6
Updated by Vincent MEMBRÉ almost 11 years ago
- Target version changed from 2.6.11 to 2.6.12
Updated by Vincent MEMBRÉ almost 11 years ago
- Target version changed from 2.6.12 to 2.6.13
Updated by Vincent MEMBRÉ over 10 years ago
- Target version changed from 2.6.13 to 2.6.14
Updated by Jonathan CLARKE over 10 years ago
- Target version changed from 2.6.14 to 2.6.16
Updated by Jonathan CLARKE over 10 years ago
- Target version changed from 2.6.16 to 2.6.17
Updated by Nicolas PERRON over 10 years ago
- Target version changed from 2.6.17 to 2.6.18
Updated by Matthieu CERDA about 10 years ago
- Target version changed from 2.6.18 to 2.6.19
Updated by Vincent MEMBRÉ about 10 years ago
- Target version changed from 2.6.19 to 2.6.20
Updated by François ARMAND almost 10 years ago
- Assignee set to Benoît PECCATTE
- Target version changed from 2.6.20 to 2.10.10
Benoit, could you take a fresh eye on that one ?
Updated by Vincent MEMBRÉ almost 10 years ago
- Target version changed from 2.10.10 to 2.10.11
Updated by Benoît PECCATTE almost 10 years ago
- Status changed from 8 to Discussion
Still present, but only in technique 1.0
Updated by Benoît PECCATTE almost 10 years ago
- Tracker changed from Bug to User story
- Status changed from Discussion to Rejected
This ticket is about a feature: adding a user with no password.
It has been implemented in later versions of the technique, so i close it.
Updated by Benoît PECCATTE almost 10 years ago
- Project changed from 24 to Rudder
- Category changed from Techniques to Techniques