salt.modules.shadow

Manage the shadow file

salt.modules.shadow.default_hash()

Returns the default hash used for unset passwords

CLI Example:

salt '*' shadow.default_hash
salt.modules.shadow.info(name)

Return information for the specified user

CLI Example:

salt '*' shadow.info root
salt.modules.shadow.set_date(name, date)

sets the value for the date the password was last changed to the epoch (January 1, 1970). See man chage.

CLI Example:

salt '*' shadow.set_date username 0
salt.modules.shadow.set_inactdays(name, inactdays)

Set the number of days of inactivity after a password has expired before the account is locked. See man chage.

CLI Example:

salt '*' shadow.set_inactdays username 7
salt.modules.shadow.set_maxdays(name, maxdays)

Set the maximum number of days during which a password is valid. See man chage.

CLI Example:

salt '*' shadow.set_maxdays username 90
salt.modules.shadow.set_mindays(name, mindays)

Set the minimum number of days between password changes. See man chage.

CLI Example:

salt '*' shadow.set_mindays username 7
salt.modules.shadow.set_password(name, password, use_usermod=False)

Set the password for a named user. The password must be a properly defined hash. The password hash can be generated with this command:

python -c "import crypt; print crypt.crypt('password', '\$6\$SALTsalt')"

SALTsalt is the 8-character crpytographic salt. Valid characters in the salt are ., /, and any alphanumeric character.

Keep in mind that the $6 represents a sha512 hash, if your OS is using a different hashing algorithm this needs to be changed accordingly

CLI Example:

salt '*' shadow.set_password root '$1$UYCIxa628.9qXjpQCjM4a..'
salt.modules.shadow.set_warndays(name, warndays)

Set the number of days of warning before a password change is required. See man chage.

CLI Example:

salt '*' shadow.set_warndays username 7