Can't log in to AIX machine with the account that was created by the Ansible user module.


shaol...@hotmail.com

May 23, 2018, 7:24:29 AM
to Ansible Project
Hello everybody,

     I am using the Ansible user module to create an AIX machine account. I found that the newly created user can't log in to the AIX machine.

     Below are my test steps:
     1. Generate a crypted password by the method Ansible provides. The cleartext password is "123456".
     2. Use the command below to create a new AIX user; this succeeds.
ansible 192.168.2.*** -m "user" -a 'state=present name=ray password=$6$PbSwE6eWakaP9VSl$GjZhuR5.6ICTM6K/.91gss2iYbhJoLU1B51XXqxCMIcVi17IMAegxlcfWNfWkuYkldRuKJLw9xjTp/F4.hFYq0'
     3. Logging in to the AIX machine with the new user fails. The reason is a wrong password.

If we take a crypted password produced by AIX from /etc/security/passwd and replace the above password (crypted per the Ansible doc) with it, we can log in to AIX with the new account.

So the cause of the issue should be that the AIX machine can't accept the crypted password that is generated by following the Ansible doc.
How can we generate a correct password for the AIX machine? Thanks a lot.


Thanks
Ray Tan

Mauricio Tavares

May 23, 2018, 8:02:48 AM
to ansible...@googlegroups.com
Was the user creation successful as far as Ansible was
concerned? Anything interesting in the AIX box's log file? Did you
check the /etc/security/passwd file?


Werner Flamme

May 23, 2018, 8:24:54 AM
to ansible...@googlegroups.com
shaol...@hotmail.com [23.05.2018 13:24]:
Currently, you use the SHA512 algorithm to create a password, this is
recognized by $6$ at the beginning of the string.

When you create a user manually, what does the password string look like?

$1$ -> crypt; $2$, $2a$, $2y$ -> blowfish; $5$ -> sha256, $6$ -> sha512

Maybe your AIX does not support sha512 passwords, so you must look at
the hashing that is possible. If you create a user locally and the
password starts with $2y$, you have to create the ansible password with
blowfish algorithm instead of sha512.

HTH, Werner


Mauricio Tavares

May 23, 2018, 8:38:45 AM
to ansible...@googlegroups.com
I always assume the OS will use the strongest encryption on the
root pw, which is why I was suggesting to look again at
/etc/security/passwd. Then try whatever it used for root.


shaol...@hotmail.com

May 23, 2018, 9:52:46 PM
to Ansible Project
Thanks Werner for your quick response,

I manually created a new user "raytest" and set the password to "123456". I don't find that the crypted password of the new user matches the format that you mention. Can you help find the crypt method? Thanks.

Below is the crypted password string in the /etc/security/passwd file.
raytest:
        password = bo8Dqpvt3wnb.
        lastupdate = 1527172932
        flags = ADMCHG


Thanks
Ray

On Wednesday, May 23, 2018 at 8:24:54 PM UTC+8, Werner Flamme wrote:

shaol...@hotmail.com

May 23, 2018, 10:13:07 PM
to Ansible Project
Thanks Mauricio for your quick response,

I am sure the user was created successfully, because I can grep the user name from /etc/passwd. Also, I can switch to the user successfully from root with the "su *** -" command.

I checked /etc/security/passwd, and I can see the original crypted password in the file. Please see below the passwords of the new user and root.

root:
        password = j7SpMBcZZRZq6
        lastupdate = 1524597968

ray:
        password = $6$PbSwE6eWakaP9VSl$GjZhuR5.6ICTM6K/.91gss2iYbhJoLU1B51XXqxCMIcVi17IMAegxlcfWNfWkuYkldRuKJLw9xjTp/F4.hFYq0
        lastupdate = 1527116053

If any log files can help check the issue, please let me know. I will check them. Thank you very much.


Thanks
Ray


On Wednesday, May 23, 2018 at 8:02:48 PM UTC+8, Mauricio Tavares wrote:

Kai Stian Olstad

May 24, 2018, 1:55:54 AM
to ansible...@googlegroups.com
On 24.05.2018 03:52, shaol...@hotmail.com wrote:
> Thanks Werner for your quick response,
>
> I manually created a new user "raytest" and set the password to "123456". I
> don't find that the crypted password of the new user matches the format that
> you mention. Can you help find the crypt method? Thanks.
>
> Below is the crypted password string in the /etc/security/passwd file.
> raytest:
> password = bo8Dqpvt3wnb.
> lastupdate = 1527172932
> flags = ADMCHG

It's using the inferior DES and not SHA-512.

$ echo 123456 | mkpasswd -m des -S bo -s
bo8Dqpvt3wnb.


--
Kai Stian Olstad
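
The format check that the replies above do by eye, as an added example (not code from the thread or from Ansible): it parses stanzas in the /etc/security/passwd layout quoted in this thread, names each hash scheme from its prefix or length, and reports accounts whose scheme differs from a reference account's. The function names, the use of root as the reference account, and the `{name}` prefix case are assumptions of this example.

```python
import re

# Constructed sample: the stanzas quoted in this thread (blank lines dropped).
SAMPLE = """\
root:
        password = j7SpMBcZZRZq6
        lastupdate = 1524597968
ray:
        password = $6$PbSwE6eWakaP9VSl$GjZhuR5.6ICTM6K/.91gss2iYbhJoLU1B51XXqxCMIcVi17IMAegxlcfWNfWkuYkldRuKJLw9xjTp/F4.hFYq0
        lastupdate = 1527116053
raytest:
        password = bo8Dqpvt3wnb.
        flags = ADMCHG
"""

# Modular-crypt identifiers ($id$...) and the scheme each one marks.
MCF = {"1": "md5-crypt", "2": "bcrypt", "2a": "bcrypt", "2b": "bcrypt",
       "2y": "bcrypt", "5": "sha256-crypt", "6": "sha512-crypt"}
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")  # 2-char salt + 11-char hash

def parse_stanzas(text):
    """Return {user: {attribute: value}} from stanza-format text."""
    users, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace() and line.rstrip().endswith(":"):
            current = users.setdefault(line.strip()[:-1], {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return users

def classify(h):
    """Name the hashing scheme from the format of the stored string."""
    if m := re.match(r"^\$([0-9a-z]+)\$", h):
        return MCF.get(m.group(1), "unknown-mcf")
    if m := re.match(r"^\{(\w+)\}", h):  # e.g. {ssha512}; not shown in the thread
        return "aix-lpa:" + m.group(1)
    return "des-crypt" if DES_RE.match(h) else "other"

def audit(text, reference="root"):
    """Return the reference scheme and the accounts that do not match it."""
    users = parse_stanzas(text)
    host = classify(users[reference]["password"])
    schemes = {u: classify(a.get("password", "")) for u, a in users.items()}
    return host, {u: s for u, s in schemes.items() if s != host}
```

Run against the sample, `audit(SAMPLE)` reports `des-crypt` as the host scheme and flags only `ray`, the account whose hash was supplied in SHA-512 format.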

shaol...@hotmail.com

unread,
May 24, 2018, 5:27:02 AM5/24/18
to Ansible Project
Thanks Kai very much. It works for me.

Thanks
Ray

On Thursday, May 24, 2018 at 1:55:54 PM UTC+8, Kai Stian Olstad wrote: