Problem with: create user with an encrypted password

Hello,

i want to create users on a centos system. the users use rsa keys to authenticate on the linux.
They have an PAM token to connect on the maria db on the system.
And with PAM they need an Linux password and the token to login to the maria.

The Users need no password to connect to the centos.
But the maria with PAM autentication need an correct linux password (and that is ok).

So i begin:

  • name: add 2factorauth users
    user:
    name: “{{ item.user }}”
    password: “{{ ‘{{ item.user }}’ | password_hash(‘sha512’) }}”
    update_password : on_create
    state: present
    shell: /bin/bash
    system: no
    createhome: yes
    home: “/home/{{ item.user }}”
    with_items: “{{ two_factor_users }}”

This should generate a user with a password on a linux system.
And yes it generate a user. and yes this user has a password (encrypted in the /etc/shadow) but the user cant use this password to login to the maria.

if the user want to change the password with passwd he gets the error: authentication token manipulation error
So it seems the encrypted password is not correct. If i use my root account and create a new password for the user with passwd -f , the user can login to the mariadb with the password.

I checked the password encryption method on the linux instance. And yes this is sha512

What is wrong?

The user you creating has the password
{{ item.user }}

And yes it is literally that string the curly brackets and all.

I don't understand what password you are trying to set for the user, if you are trying to set the password the same as the username this is the correct syntax

  password: "{{ item.user | password_hash('sha512') }}"

You can't use curly brackets inside curly brackets, you are already inside template mode.

Hello Kai,

yes i set the password the same as the username.

And thanx for your help.

Your solution works for me.