ansible.builtin.user :: input password appears not to have been hashed

adriansev · January 10, 2024, 10:27am

Hi! I'm trying to sync users from a "frontend" type server
to compute nodes and for this i build a var yml with the information
including the hash of the passwords (provided by spwd module attribute sp_pwdp)
sp_pwdp is described here as Encrypted password, see https://docs.python.org/3.6/library/spwd.html#module-spwd

as such i used it in ansible.builtin.user in the 'password' attribute but i get:
[WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly.

from a --check run the issue seems to be from nfsnobody user that have the bellow information
but the problem seems to come from 'hash': '!!'

Any idea what can i do to fix this? or being a warning i can just ignore it?

Thanks a lot!!
Adrian

ok: [issaf-0-0] => (item={'name': 'nfsnobody', 'uid': 65534, 'gid': 65534, 'shell': '/sbin/nologin', 'home': '/var/lib/nfs', 'groups': , 'hash': '!!'}) => {
     "ansible_loop_var": "user_def",
     "append": false,
     "changed": false,
     "comment": "Anonymous NFS User",
     "group": 65534,
     "groups": "",
     "home": "/var/lib/nfs",
     "invocation": {
         "module_args": {
             "append": false,
             "authorization": null,
             "comment": null,
             "create_home": false,
             "expires": null,
             "force": false,
             "generate_ssh_key": null,
             "group": null,
             "groups": ,
             "hidden": null,
             "home": "/var/lib/nfs",
             "local": null,
             "login_class": null,
             "move_home": false,
             "name": "nfsnobody",
             "non_unique": false,
             "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
             "password_expire_max": null,
             "password_expire_min": null,
             "password_lock": null,
             "profile": null,
             "remove": false,
             "role": null,
             "seuser": null,
             "shell": "/sbin/nologin",
             "skeleton": null,
             "ssh_key_bits": 0,
             "ssh_key_comment": "ansible-generated on issaf-0-0.issaf",
             "ssh_key_file": null,
             "ssh_key_passphrase": null,
             "ssh_key_type": "rsa",
             "state": "present",
             "system": false,
             "uid": 65534,
             "update_password": "always"
         }
     },
     "move_home": false,
     "name": "nfsnobody",
     "password": "NOT_LOGGING_PASSWORD",
     "shell": "/sbin/nologin",
     "state": "present",
     "uid": 65534,
     "user_def": {
         "gid": 65534,
         "groups": ,
         "hash": "!!",
         "home": "/var/lib/nfs",
         "name": "nfsnobody",
         "shell": "/sbin/nologin",
         "uid": 65534
     },
     "warnings": [
         "The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly."
     ]
}

Topic		Replies	Views
Issue with password hash in user module when passing ByVal ??? Ansible Developer	0	1	September 11, 2019
Help with securing password Ansible Project	1	0	July 28, 2018
Ansible user module, password option Ansible Project ansible-project	0	2	May 22, 2013
Ansible password_hash issue Ansible Project	15	9	March 13, 2020
Setting user password via ansible module user didn't work as expected Ansible Project	2	1	July 12, 2016

ansible.builtin.user :: input password appears not to have been hashed

Related topics