(#11293) Add password get/set behavior for 10.7
018f36d57c14Unpublished
Actions

Unpublished Commit · Learn More

Repository Importing: This repository is still importing.

Description

(#11293) Add password get/set behavior for 10.7

Puppet did not have the ability to get/set passwords in OS X version
10.7. This commit implements this behavior. Users in 10.7 have a
binary plist file in /var/db/dslocal/nodes/Default/users that contains
a 'ShadowHashData' key. The value for this key is actually a binary
encrypted plist which contains a 'SALTED-SHA512' key containing
a base64 encoded string. This string is actually the salted-SHA512
password hash with a 4 byte salt prepending the hash. Puppet expects
this 4 byte salt + salted-SHA512 password hash in order to set the
user's password. Since this value is drastically different from
previous versions of OS X, Puppet will fail if you try and pass
a SHA1 password hash that was used in previous versions of OS X.

Spec tests were added to ensure that Puppet fails with an incorrect
password, and that the get/set behavior works properly with OS X
version 10.7.

Details

Provenance

Gary Larizza <gary@puppetlabs.com>	Authored on
vanmeeuwen	Pushed on Jun 2 2015, 2:22 PM

Parents

rPUc3aa97a44d61: Merge branch 'ticket/2.7.x/11740-fails_on_windows_handle' into 2.7.x

Branches

Unknown

Tags

Unknown

Event Timeline

Gary Larizza <gary@puppetlabs.com> committed rPU018f36d57c14: (#11293) Add password get/set behavior for 10.7 (authored by Gary Larizza <gary@puppetlabs.com>).Jan 6 2012, 8:40 PM

Changes (2)

Path

Size

lib/

puppet/

provider/

nameservice/

directoryservice.rb

spec/

unit/

provider/

nameservice/

directoryservice_spec.rb

rPU018f36d57c14

View Options

lib/puppet/provider/nameservice/directoryservice.rb