Verified Commit 96fdaf29 authored by Christian Heusel

postfix_null: Use fixed amount of rounds for password_hash

As it turns out the value for this filter's "rounds" parameter strongly
differs depending on the installed python crypto backend, since
python-crypt uses 5000 rounds while python-passlib uses 656000 rounds
set a default parameter according to ansible documentation.

As really high values for "rounds" lead to some login timeouts it makes
sense for us to use a fixed value for this parameter. In this case 5000
have been chosen as this value reflects the defaults from python-crypt
as well as /etc/login.defs in the shadow package.

Link: https://github.com/ansible/ansible/pull/77963/files
Related-to: #250


Signed-off-by: Christian Heusel <christian@heusel.eu>
parent 42442fa6
Pipeline #110296 passed
......@@ -15,7 +15,7 @@
name: "{{ inventory_hostname_short }}"
comment: "SMTP Relay Account for {{ inventory_hostname }}"
group: nobody
password: "{{ postfix_relay_password | password_hash('sha512') }}"
password: "{{ postfix_relay_password | password_hash('sha512', rounds=5000) }}"
shell: /sbin/nologin
update_password: always
home: /home/"{{ inventory_hostname }}" # Set home directory so shadow.service does not fail
......
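Review bot: The new password line pins rounds=5000 as a bare literal with nothing in the task saying why. Add a short YAML comment beside it noting that the value is fixed because the default differs between crypto backends and very high values caused login timeouts, or move it into a role variable (for example a hypothetical postfix_relay_hash_rounds) so the work factor can be raised in one place later. Also on that line, password_hash is called without a salt argument, so a fresh random salt is generated on every run; combined with update_password: always, the task will report a change each time, which a stable per-host salt would avoid.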