
I have written a site.pp to change a password from the puppet master. Below is the site.pp. It is changing the password on agent host idrac-h868gm1, but when I try to log in with the changed password (in this case devuser888) it is not working.

I used single and double quotes but it still does not work. I manually changed the password to devuser888 and it is working.

```puppet
node default {
  class { 'ntp':
    servers => ['ntp1','ntp2']
  }
  include ntp
}
node /^(prod|dev)\d+$/ {
  include mounts
  include nis
}
node idrac-h868gm1 {
  user { 'dev':
    ensure   => present,
    password => "devuser888"
  }
}
```

Puppet server version: 2.7.1 (open source)
Puppet agent version: 4.8.0
Puppet agent OS: RHEL7.2

Please let me know for any more info/queries

Matthew Schuchard
GoneCase123
  • Please run the agent and add the debug logs to your question: `puppet agent -t --debug` – Dominic Cleal Dec 14 '16 at 10:23
  • Hi Dominic, added debug, it is running Executing: '/usr/sbin/usermod -p devuser88 dev' and checked in shadow file, dev:devuser888:17149:0:99999:7:::. Still not working. – GoneCase123 Dec 14 '16 at 15:11
  • Please provide the entire debug logs. Passwords are not set with `usermod`, the agent will typically use ruby-shadow and so the logs may show if this isn't available or working correctly. – Dominic Cleal Dec 14 '16 at 19:07
  • Please click link to view logs. https://chelsious-my.sharepoint.com/personal/vidyasagar_asicdesigners_com/_layouts/15/guestaccess.aspx?guestaccesstoken=GaTobTW0sbrzL4u3oWvIZQVdjHkTGc2g1YUapTJhpAw%3d&docid=1f22eb1f7c8d54d61b5ce74553e38a694&rev=1 – GoneCase123 Dec 15 '16 at 04:44

1 Answer


> checked in shadow file, dev:devuser888:17149:0:99999:7:::

The passwords in the shadow file must be hashed, but this password is plain text. The password property of the user resource states that it must be the encrypted format the local system requires (Resource Type Reference).

Either copy the crypted version out of shadow after setting it manually and put this in your manifest (e.g. password => '$6$.......'), or keep the plain text version and use the pw_hash function from the stdlib module to generate it.

For the latter, it's best if I refer to an existing answer, which shows how to use the pw_hash function to generate a hash: managing a user password for linux in puppet with pw_hash.

Community
Dominic Cleal
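An added example, not part of the original answer: a small Python audit that parses shadow-format lines and flags password fields that are not in a crypt hash format, as with the `dev:devuser888:...` entry quoted above. The function names are hypothetical, and the hashed sample entry is a constructed placeholder.

```python
import re

# Modular crypt format: $id$...$hash, e.g. $6$ (SHA-512), $5$ (SHA-256), $y$ (yescrypt).
MODULAR_RE = re.compile(r"^\$[0-9A-Za-z-]+\$[^$:]+(?:\$[^$:]*)+$")
# Traditional DES crypt: exactly 13 characters from the crypt alphabet.
# (A 13-character alphanumeric plain-text value would also match this.)
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")

def classify_password_field(field):
    """Classify the second field of a shadow entry."""
    if field == "":
        return "empty"        # no password required
    if field[0] in "!*":
        return "locked"       # password login disabled
    if MODULAR_RE.match(field) or DES_RE.match(field):
        return "hashed"
    return "invalid"          # not a crypt hash; no typed password will ever match

def audit_shadow(text):
    """Return (username, status) for every entry in shadow-format text."""
    results = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        fields = line.split(":")
        if len(fields) != 9:
            results.append((fields[0], "malformed"))
            continue
        results.append((fields[0], classify_password_field(fields[1])))
    return results

# Constructed sample input. The 'dev' line is the entry quoted on this page;
# the 'alice' hash is a placeholder of the right shape, not a real hash.
SAMPLE_SHADOW = "\n".join([
    "alice:$6$CONSTRUCTEDsalt$" + "A" * 86 + ":17149:0:99999:7:::",
    "bin:*:17149:0:99999:7:::",
    "svc:!!:17149::::::",
    "dev:devuser888:17149:0:99999:7:::",
])

if __name__ == "__main__":
    for user, status in audit_shadow(SAMPLE_SHADOW):
        print(f"{user:8} {status}")
```

An entry reported as `invalid` is what a manifest produces when `password =>` is given plain text instead of the hash.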