From ac7d99d78ccd497cce7ffeaff87b1f3179721d1a Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Thu, 8 Sep 2016 12:06:23 +0200
Subject: [PATCH] library/roles/users: Set the new users password as '*' by
 default. Otherwise they cannot login with their ssh keys when the ssh server
 does not use PAM for authentication

---
 users/defaults/main.yml | 4 +++-
 users/tasks/main.yml    | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/users/defaults/main.yml b/users/defaults/main.yml
index 369612ec..8bbb6c50 100644
--- a/users/defaults/main.yml
+++ b/users/defaults/main.yml
@@ -9,6 +9,8 @@ users_sudoers_group: sudo
 users_sudoers_create_group: False
 users_sudoers_create_sudo_conf: False
 users_home_dir: /home
+users_default_password: '*'
+users_update_password: 'on_create'
 #users_system_users:
-#  - { login: 'adellam', name: "Andrea Dell'Amico", home: '{{ users_home_dir }}', createhome: 'yes', ssh_key: '{{ adellam_ssh_key }}', shell: '/bin/bash', admin: False, log_as_root: False }
+#  - { login: 'foo', name: "Foo Bar", home: '{{ users_home_dir }}', createhome: 'yes', ssh_key: '{{ foo_ssh_key }}', shell: '/bin/bash', admin: False, log_as_root: False }
 
diff --git a/users/tasks/main.yml b/users/tasks/main.yml
index 52797a7c..22926e5a 100644
--- a/users/tasks/main.yml
+++ b/users/tasks/main.yml
@@ -10,7 +10,7 @@
   tags: users
 
 - name: Create users
-  user: name={{ item.login }} comment="{{ item.name }}" home={{ item.home }}/{{ item.login }} createhome={{ item.createhome }} shell={{ item.shell }}
+  user: name={{ item.login }} comment="{{ item.name }}" home={{ item.home }}/{{ item.login }} createhome={{ item.createhome }} shell={{ item.shell }} password={{ item.password | default('*') }} update_password={{ item.update_password | default('on_create') }}
   with_items: '{{ users_system_users }}'
   when: users_system_users is defined
   tags: users