Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-9013

password_max_age is incorrectly set when using a value of -1

    Details

    • Type: Bug
    • Status: Accepted
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: PUP 5.5.2
    • Fix Version/s: None
    • Component/s: None
    • Template:
      PUP Bug Template
    • Team:
      Platform OS
    • Method Found:
      Customer Feedback
    • QA Risk Assessment:
      Needs Assessment

      Description

      Puppet Version: 5.5.2 / PE 2018.1.2
      OS Name/Version: RHEL 7.5 / Centos 6.9

      Desired Behavior:

      Using -1 as the value for password_max_age should properly remove / unset password expiry on new / existing users.

      Actual Behavior:

      Using the following test:

      user { 'blah':
         ensure => present,
         forcelocal => true,
         managehome => true,
         password => '!!',
         password_max_age => '-1',
      }
      

      Puppet repeatedly applies the value from 4294967295 to -1. After doing so, the calue is not properly reported by chage.

      [root@testbox1802 blah]# puppet apply blah.pp
      Notice: Compiled catalog for testbox1802.doomfacenet.local in environment production in 0.02 seconds
      Notice: /Stage[main]/Main/User[blah]/ensure: created
      Notice: Applied catalog in 1.16 seconds
       
      [root@testbox1802 blah]# chage -l blah
      Last password change                                    : Jul 23, 2018
      Password expires                                        : never
      Password inactive                                       : never
      Account expires                                         : never
      Minimum number of days between password change          : 0
      Maximum number of days between password change          : 4294967295
      Number of days of warning before password expires       : 7
       
      [root@testbox1802 blah]# puppet apply blah.pp
      Notice: Compiled catalog for testbox1802.doomfacenet.local in environment production in 0.02 seconds
      Notice: /Stage[main]/Main/User[blah]/password_max_age: password_max_age changed 4294967295 to -1
      Notice: Applied catalog in 0.74 seconds
       
      [root@testbox1802 blah]# chage -l blah
      Last password change                                    : Jul 23, 2018
      Password expires                                        : never
      Password inactive                                       : never
      Account expires                                         : never
      Minimum number of days between password change          : 0
      Maximum number of days between password change          : 4294967295
      Number of days of warning before password expires       : 7
       
      [root@testbox1802 blah]# grep blah /etc/shadow
      blah:!!:17735:0:-1:7:::
       
      [root@testbox1802 blah]# chage -l blah
      Last password change                                    : Jul 23, 2018
      Password expires                                        : never
      Password inactive                                       : never
      Account expires                                         : never
      Minimum number of days between password change          : 0
      Maximum number of days between password change          : 4294967295
      Number of days of warning before password expires       : 7
       
      [root@testbox1802 blah]# puppet apply blah.pp
      Notice: Compiled catalog for testbox1802.doomfacenet.local in environment production in 0.03 seconds
      Notice: /Stage[main]/Main/User[blah]/password_max_age: password_max_age changed 4294967295 to -1
      Notice: Applied catalog in 0.57 seconds
       
      [root@testbox1802 blah]# grep blah /etc/shadow
      blah:!!:17735:0:-1:7:::
       
      [root@testbox1802 blah]# chage -l blah
      Last password change                                    : Jul 23, 2018
      Password expires                                        : never
      Password inactive                                       : never
      Account expires                                         : never
      Minimum number of days between password change          : 0
      Maximum number of days between password change          : 4294967295
      Number of days of warning before password expires       : 7
      

      Manually removing the value from /etc/shadow ends the loop.

      [root@testbox1802 blah]# puppet apply blah.pp
      Notice: Compiled catalog for testbox1802.doomfacenet.local in environment production in 0.02 seconds
      Notice: Applied catalog in 0.55 seconds
       
      [root@testbox1802 blah]# chage -l blah
      Last password change                                    : Jul 23, 2018
      Password expires                                        : never
      Password inactive                                       : never
      Account expires                                         : never
      Minimum number of days between password change          : 0
      Maximum number of days between password change          : -1
      Number of days of warning before password expires       : 7
      

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              nathanael Nathanael Cole
            • Votes:
              2 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:

                Zendesk Support