Cloud-Config - Hashed Password Being Set Incorrectly

Question

I'm provisioning an Ubuntu 14.04 server with Digital Ocean and am using Cloud-Config in the user data field to do some initial setup. The issue I am having is creating a new user and setting a password with a SHA-512 hashed password string. Upon creation of the server, this new password does not work. When examining the /etc/shadow file, I find that the hashed password has been copied over with an erroneous ! at the start of the hash. Example line from /etc/shadow/ is as follows:

jerry:!$6$rHazYJBiLiJ2$yZei93AcU9JlauoBV338kVMAOBk0b83iYtxw2/seXfTVuW0e6qtP4sL.ip9JVdnT3HbZ4620ql66WaEANJkg61:16855:0:99999:7:::

Upon removing the ! immediately after jerry:, the password works as expected.

Does anyone have any idea why this could be happening?

score 1 · Answer 1 · answered Feb 24 '16 at 06:24

After a bit more research into the intricacies of Cloud-Config, I've found the issue. By default, the value of lock-passwd is set to True. This is what is causing the ! to be added before the hashed password in /etc/shadow. Explicitly setting lock-passwd to False allows everything to sail along smoothly!

Cloud-Config - Hashed Password Being Set Incorrectly

1 Answers1