diff --git a/library/system/user b/library/system/user
index 91d926284c9..8bc54cee8e9 100644
--- a/library/system/user
+++ b/library/system/user
@@ -158,6 +158,15 @@ options:
- Set a passphrase for the SSH key. If no
passphrase is provided, the SSH key will default to
having no passphrase.
+ update_password:
+ required: false
+ default: always
+ choices: ['always', 'on_creation']
+ version_added: "1.3"
+ description:
+ - Control when does ansible update passwords.
+ C(always) will update if they differ.
+ C(on_creation) will only update the password if user is being created.
'''
EXAMPLES = '''
@@ -230,6 +239,7 @@ class User(object):
self.ssh_type = module.params['ssh_key_type']
self.ssh_comment = module.params['ssh_key_comment']
self.ssh_passphrase = module.params['ssh_key_passphrase']
+ self.update_password = module.params['update_password']
if module.params['ssh_key_file'] is not None:
self.ssh_file = module.params['ssh_key_file']
else:
@@ -361,7 +371,7 @@ class User(object):
cmd.append('-s')
cmd.append(self.shell)
- if self.password is not None and info[1] != self.password:
+ if self.update_password == 'always' and self.password is not None and info[1] != self.password:
cmd.append('-p')
cmd.append(self.password)
@@ -694,7 +704,7 @@ class FreeBsdUser(User):
(rc, out, err) = (None, '', '')
# we have to set the password in a second command
- if self.password is not None and info[1] != self.password:
+ if self.update_password == 'always' and self.password is not None and info[1] != self.password:
cmd = [
self.module.get_bin_path('chpass', True),
'-p',
@@ -840,7 +850,7 @@ class OpenBSDUser(User):
cmd.append('-L')
cmd.append(self.login_class)
- if self.password is not None and info[1] != self.password:
+ if self.update_password == 'always' and self.password is not None and info[1] != self.password:
cmd.append('-p')
cmd.append(self.password)
@@ -993,7 +1003,7 @@ class NetBSDUser(User):
cmd.append('-L')
cmd.append(self.login_class)
- if self.password is not None and info[1] != self.password:
+ if self.update_password == 'always' and self.password is not None and info[1] != self.password:
cmd.append('-p')
cmd.append(self.password)
@@ -1158,7 +1168,7 @@ class SunOS(User):
(rc, out, err) = (None, '', '')
# we have to set the password by editing the /etc/shadow file
- if self.password is not None and info[1] != self.password:
+ if self.update_password == 'always' and self.password is not None and info[1] != self.password:
try:
lines = []
for line in open(self.SHADOWFILE, 'rb').readlines():
@@ -1307,7 +1317,7 @@ class AIX(User):
(rc, out, err) = self.execute_command(cmd)
# set password with chpasswd
- if self.password is not None and info[1] != self.password:
+ if self.update_password == 'always' and self.password is not None and info[1] != self.password:
cmd = []
cmd.append('echo "'+self.name+':'+self.password+'" |')
cmd.append(self.module.get_bin_path('chpasswd', True))
@@ -1358,7 +1368,8 @@ def main():
ssh_key_type=dict(default=ssh_defaults['type'], type='str'),
ssh_key_file=dict(default=None, type='str'),
ssh_key_comment=dict(default=ssh_defaults['comment'], type='str'),
- ssh_key_passphrase=dict(default=None, type='str')
+ ssh_key_passphrase=dict(default=None, type='str'),
+ update_password=dict(default='always',choices=['always','on_create'],type='str')
),
supports_check_mode=True
)