duritong / puppet-trocla

puppet integration for trocla

trocla_set, don't erase if same as old password #14

Closed Poil closed 8 years ago

Poil commented 8 years ago

Hi,

We want to use trocla_set to force a plain password and generate an md5crypt.

On the 1st run, trocla sets our password and an md5crypt. On the 2nd run, trocla sets our password again and generates a new md5crypt.

It doesn't seem possible to check if a password is already defined and equal to the password we wanted.

Ideally I would write something like this:

if trocla_get('mykey_user', 'plain') != $my_password_from_hiera {
  $md5pass = trocla_set('mykey_user', $my_password_from_hiera, 'plain', 'md5crypt')
} else {
  $md5pass = trocla('mykey_user', 'md5crypt') # or trocla_get
}

Is it possible to do something like this, or do you have an idea how to do this? Perhaps we can patch trocla or trocla_get to not raise a fatal error if the password does not exist in the trocla database?

Best regards

Poil commented 8 years ago

More information: the salt is randomly generated, so at each run the md5crypt changes the value; perhaps we can add an option to have a non-changing salt.

duritong commented 8 years ago

I guess with the new (optional) behavior in 402b982 this issue is addressed as it would allow you to do what you outlined above.

You could also have used trocla() in the first call, which might have generated an intermediate random password, but I guess it makes sense to be able to tune whether trocla_get() should raise an error or not.

Poil commented 8 years ago

Oh thanks!
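
The behaviour discussed in this thread, as an added Ruby example that is not code from trocla or puppet-trocla: an unconditional set re-derives a randomly salted hash on every run, while a compare-then-set with a non-fatal lookup keeps it stable. `ToyStore`, `salted_hash`, `verify` and `simulate_runs` are hypothetical names, and a salted SHA-256 string stands in for md5crypt.

```ruby
require 'openssl'
require 'securerandom'

# Stand-in for md5crypt (illustration only, not a password hash to deploy):
# a fresh random salt per call, so the same plain text yields a new string each time.
def salted_hash(plain, salt = SecureRandom.hex(8))
  "$toy$#{salt}$#{OpenSSL::Digest::SHA256.hexdigest(salt + plain)}"
end

# Recompute with the salt embedded in the stored string.
def verify(plain, hashed)
  salt = hashed.split('$')[2]
  salted_hash(plain, salt) == hashed
end

# Hypothetical in-memory store: key => { 'plain' => ..., 'hash' => ... }.
class ToyStore
  def initialize
    @data = {}
  end

  # Non-fatal lookup: nil for a missing key instead of an error.
  def get(key, format)
    @data.dig(key, format)
  end

  # Unconditional set: re-derives the hash (new salt) on every call.
  def set(key, plain)
    @data[key] = { 'plain' => plain, 'hash' => salted_hash(plain) }
    @data[key]['hash']
  end

  # Compare first; only re-derive when the plain value really changed.
  def set_if_changed(key, plain)
    return get(key, 'hash') if get(key, 'plain') == plain
    set(key, plain)
  end
end

# Simulate repeated agent runs with the same desired password (constructed value).
def simulate_runs(setter, runs = 3)
  store = ToyStore.new
  Array.new(runs) { store.public_send(setter, 'mykey_user', 'constructed-sample-pw') }
end

puts "set:            #{simulate_runs(:set).uniq.size} distinct hashes"
puts "set_if_changed: #{simulate_runs(:set_if_changed).uniq.size} distinct hash"
```

Every hash produced by the unconditional path still verifies against the same password; the churn only shows up as a changed resource on each run.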