yahoo-eng-team team mailing list archive

[Launchpad Bug Tracker <2006052@xxxxxxxxxxxxxxxxxx>]

[Expired for cloud-init because there has been no activity for 60 days.]

** Changed in: cloud-init
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/2006052

Title:
  cloud init prefixes password hash with exclamation mark

Status in cloud-init:
  Expired

Bug description:
  Host OS is Ubuntu 22.04 LTS.

  Guest info:

  - Ubuntu 22.04 LTS KVM guest: https://cloud-images.ubuntu.com/releases/22.04/release/ubuntu-22.04-server-cloudimg-amd64-disk-kvm.img (also tried with https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64-disk-kvm.img)
  - cloud-init package: 22.4.2-0ubuntu0~22.04.1

  I use this to configure password for the Ubuntu user:

  users:
    - name: ubuntu
      gecos: Ubuntu User
      sudo: ALL=(ALL) NOPASSWD:ALL
      shell: /bin/bash
      groups: sudo
      lock_passwd: false
      # mkpasswd --method=SHA-512 --rounds=4096 -S "1234asdf"
      passwd: $6$rounds=4096$1234asdf$3Ym7weobJp/ORkJML66e54IyCEOGKM8C1zfQj4NRngDgJJGdEJn3O9rocWy0uVc84PbEvSnzji3a54X5FOb230

  
  While provisioning is still running, I can log in as root (configured separately) and observe the hash in /etc/shadow is identical to this (as expected). Also 'ubuntu' can login.

  After provisioning is complete and the VM reboots, I cannot login as
  'ubuntu'.

  I log in as root and find that now a '!' was prefixed to password hash
  in /etc/shadow:

  ubuntu:!$6$rounds=4096$1....

  If I remove that '!', I can login as the ubuntu user.

  I tried surrounding the password with single and double quotes, no
  difference. Initially it's provisioned correctly, so it's something
  that injects that '!' after that.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/2006052/+subscriptions