Details
-
Bug
-
Status: Accepted
-
Normal
-
Resolution: Unresolved
-
PUP 5.5.2
-
None
-
None
-
Night's Watch
-
Customer Feedback
-
Needs Assessment
Description
Puppet Version: 5.5.2 / PE 2018.1.2
OS Name/Version: RHEL 7.5 / Centos 6.9
Desired Behavior:
Using -1 as the value for password_max_age should properly remove / unset password expiry on new / existing users.
Actual Behavior:
Using the following test:
user { 'blah':
|
ensure => present,
|
forcelocal => true,
|
managehome => true,
|
password => '!!',
|
password_max_age => '-1',
|
}
|
Puppet repeatedly applies the value from 4294967295 to -1. After doing so, the calue is not properly reported by chage.
[root@testbox1802 blah]# puppet apply blah.pp
|
Notice: Compiled catalog for testbox1802.doomfacenet.local in environment production in 0.02 seconds
|
Notice: /Stage[main]/Main/User[blah]/ensure: created
|
Notice: Applied catalog in 1.16 seconds
|
|
|
[root@testbox1802 blah]# chage -l blah
|
Last password change : Jul 23, 2018
|
Password expires : never
|
Password inactive : never
|
Account expires : never
|
Minimum number of days between password change : 0
|
Maximum number of days between password change : 4294967295
|
Number of days of warning before password expires : 7
|
|
|
[root@testbox1802 blah]# puppet apply blah.pp
|
Notice: Compiled catalog for testbox1802.doomfacenet.local in environment production in 0.02 seconds
|
Notice: /Stage[main]/Main/User[blah]/password_max_age: password_max_age changed 4294967295 to -1
|
Notice: Applied catalog in 0.74 seconds
|
|
|
[root@testbox1802 blah]# chage -l blah
|
Last password change : Jul 23, 2018
|
Password expires : never
|
Password inactive : never
|
Account expires : never
|
Minimum number of days between password change : 0
|
Maximum number of days between password change : 4294967295
|
Number of days of warning before password expires : 7
|
|
|
[root@testbox1802 blah]# grep blah /etc/shadow
|
blah:!!:17735:0:-1:7:::
|
|
|
[root@testbox1802 blah]# chage -l blah
|
Last password change : Jul 23, 2018
|
Password expires : never
|
Password inactive : never
|
Account expires : never
|
Minimum number of days between password change : 0
|
Maximum number of days between password change : 4294967295
|
Number of days of warning before password expires : 7
|
|
|
[root@testbox1802 blah]# puppet apply blah.pp
|
Notice: Compiled catalog for testbox1802.doomfacenet.local in environment production in 0.03 seconds
|
Notice: /Stage[main]/Main/User[blah]/password_max_age: password_max_age changed 4294967295 to -1
|
Notice: Applied catalog in 0.57 seconds
|
|
|
[root@testbox1802 blah]# grep blah /etc/shadow
|
blah:!!:17735:0:-1:7:::
|
|
|
[root@testbox1802 blah]# chage -l blah
|
Last password change : Jul 23, 2018
|
Password expires : never
|
Password inactive : never
|
Account expires : never
|
Minimum number of days between password change : 0
|
Maximum number of days between password change : 4294967295
|
Number of days of warning before password expires : 7
|
Manually removing the value from /etc/shadow ends the loop.
[root@testbox1802 blah]# puppet apply blah.pp
|
Notice: Compiled catalog for testbox1802.doomfacenet.local in environment production in 0.02 seconds
|
Notice: Applied catalog in 0.55 seconds
|
|
|
[root@testbox1802 blah]# chage -l blah
|
Last password change : Jul 23, 2018
|
Password expires : never
|
Password inactive : never
|
Account expires : never
|
Minimum number of days between password change : 0
|
Maximum number of days between password change : -1
|
Number of days of warning before password expires : 7
|