Track changes for further processing

Christian Schoepplein

May 4, 2022, 11:58:03 AM
to ansible...@googlegroups.com
Hi,

I am using a slightly adapted role taken from
<https://github.com/1it/ansible-role-users> to manage our users on our
servers.

This is working fine so far but one little thing I can't get to work.

I want to force newly created users to change their password when they log in
for the first time. For that reason I need to know which user is new on a
system. The role itself does not give me this information so I need to find
another way.

Have you any idea how to read out those new users?

How do you manage your users on your systems and what roles do you use?


Kind regards and many thanks,

Schoepp

Michael Ströder

May 4, 2022, 4:28:34 PM
to ansible...@googlegroups.com
On 5/4/22 17:57, 'Christian Schoepplein' via Ansible Project wrote:
> I am using a slightly adapted role taken from
> <https://github.com/1it/ansible-role-users> to manage our users on our
> servers.
>
> This is working fine so far but one little thing I can't get to work.
>
> I want to force newly created users to change their password when they log in
> for the first time. For that reason I need to know which user is new on a
> system.

Sorry, two answers you probably don't want to read:

1. While I really like ansible to achieve many tasks I don't consider it
to be a decent IAM system. An ansible-based solution lacks important
features like enforcing uniqueness on IDs, secure password reset
process, etc. You should rather consider setting up a decent IAM.

2. Enforcing password reset after first login does not work well in a
pure server environment. This mech is designed for workstation logins
after initial password reset. I'd recommend implementing a better
password reset process which avoids this.

Ciao, Michael.