Track changes for further processing

Hi,

I am using a slightly adapted role taken from
<https://github.com/1it/ansible-role-users> to manage our users on our
servers.

This is working fine so far but one little thing I can't get to work.

I want to force newly created users to change their password when they log in
for the first time. For that reason I need to know which user is new on a
system. The role itself does not give me this information so I need to find
another way.

Have you any idea how to read out those new users?

How do you manage your users on your systems and what roles do you use?

Kind regards and many thanks,

  Schoepp

Sorry, two answers you probably don't want to read:

1. While I really like ansible to achieve many tasks I don't consider it to be a decent IAM system. An ansible-based solution lacks important features like enforcing uniqueness on IDs, secure password reset process, etc. You should rather consider setting up a decent IAM.

2. Enforcing password reset after first login does not work well in a pure server environment. This mech is designed for workstation logins after initial password reset. I'd recommend to implement a better password reset process which avoids this.

Ciao, Michael.