refactor(dovecot): replace template hashing with openssl command
- Add `openssl` to the list of installed packages to ensure CLI availability. - Introduce a new task to generate user password hashes using `openssl passwd -6` on the target host instead of relying on the Jinja2 `password_hash` filter. - Update `dovecot-users.j2` template to utilize the registered output from the new OpenSSL task. - This ensures consistent SHA512-CRYPT hash generation independent of the controller's Python environment or hashing libraries.
This commit is contained in:
@@ -1,6 +1,8 @@
|
||||
# Dovecot users file
|
||||
# Ansible managed: {{ ansible_managed }}
|
||||
# user:{scheme}hash:uid:gid:gecos:home:shell:extra_fields
|
||||
{% for user in dovecot_users %}
|
||||
{{ user.name }}:{SHA512-CRYPT}{{ (dovecot_token_value + user.pass) | password_hash('sha512', dovecot_token_value) }}::::::
|
||||
{% if dovecot_user_hashes.results is defined %}
|
||||
{% for res in dovecot_user_hashes.results %}
|
||||
{{ res.item.name }}:{SHA512-CRYPT}{{ res.stdout | trim }}::::::
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
Reference in New Issue
Block a user