[PUP-8713] Would like to be able to lock (and unlock) users Created: 2016/12/13  Updated: 2020/03/04

Status: Accepted
Project: Puppet
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: New Feature Priority: Normal
Reporter: Geoff Williams Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: linux, platform-os, redmine, type_and_provider, user
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Team: Night's Watch
QA Risk Assessment: Needs Assessment



Would like to be able to lock and unlock user accounts using puppet (or with manual unlock).

See Summary

https://projects.puppetlabs.com/issues/219 from 8 years ago

Current workaround

Presently, users can lock a password by setting password => '*' or similar. The problem with doing this is that the user cannot then be unlocked with {{passwd -u} as the above code will have destroyed the original password.

Customer impact

While in many cases, its simple to reset a password rather then unlock it, there are cases, however-much we disapprove of them, where this could be a problem.

For example, where the password is being used remotely and is incorporated into other scripts and systems or where passwords are controlled by systems such as cyberark where the reset process is non-trivial or slow due to external process hardening.

Generated at Tue Jul 14 03:52:23 PDT 2020 using Jira 8.5.2#805002-sha1:a66f9354b9e12ac788984e5d84669c903a370049.