Thursday, January 5, 2017

Ansible Playbook and Perl (or 'Salted MD5 - Yummo!')

Not much of an article here - just some notes about encrypting passwords for Ansible playbooks.  All of the examples for adding the encrypted passwords to the ansible playbook are Python (what's up with that?!) :-)

So, I have an example of a playbook to change a user password on all ansible systems and I have translated the password encryption field for Perl (you're welcome!)

Here's my chgUserPW.yml:

- hosts: all
  sudo: yes
  - name: Change user1 password
    # Created passwd with:
    # perl -e 'print crypt("your pw here","\$6\$salt\$")'
    # Notes: password, 6 = md5, salt = random string to salt entropy
    user: name=user1 update_password=always password=$6$salt$sjuT2.eSTcX/vKwW7RlB1tdLxyB34lJSsndXA5yzC7BZrdAkiAOqtf4NPtHa0tjdFa/5wcS1.vt0LAwzEassr0

All you do is run the Perl one-liner adding your own password and salt string (the word "salt" is probably not a good choice) and you get the format for the password Linux is expecting (salted MD5).  Paste that into the password field and you can now change all of your system's user1 passwords to "your pw here".

*Disclaimer - I'd try it on a single system first, preferably one you have a backdoor root account on.  It worked for me.  Good luck!

1 comment: