- the account hadmut1 is created if the identity:-section is completely removed from user-data, so identity is not 'optional', but exclusive.
- it does not exist immediately when the first boot prompt comes, it is delayed. You have to wait until you see around one and a half screens full of log messages
- I could log in only over ssh and ssh-key with additional kvm option -nic user,model=virtio,hostfwd=tcp::2222-:22, not with password, because I had copied the password entry from the identity section to use the default 'ubuntu' password. Doesn't work, because in the identity:-section the password entry tag is password:, while in the users section it is passwd: . If you name it password:, it is not found and thus not set.
- even if the password is given with the passwd: tag, it is not possible to login with that password, because the entry in /etc/shadow looks like this:
Note the ! the hash begins with. That's inhibiting password use. However, the account is not completely locked, since login with ssh is still possible.
I found by googling, that there is an additional field
lock_passwd: true
which might have a default value of true. I'll check this.
I've made some progress with debugging.
- the account hadmut1 is created if the identity:-section is completely removed from user-data, so identity is not 'optional', but exclusive.
- it does not exist immediately when the first boot prompt comes, it is delayed. You have to wait until you see around one and a half screens full of log messages
- I could log in only over ssh and ssh-key with additional kvm option -nic user,model= virtio, hostfwd= tcp::2222- :22, not with password, because I had copied the password entry from the identity section to use the default 'ubuntu' password. Doesn't work, because in the identity:-section the password entry tag is password:, while in the users section it is passwd: . If you name it password:, it is not found and thus not set.
- even if the password is given with the passwd: tag, it is not possible to login with that password, because the entry in /etc/shadow looks like this:
hadmut1: !$6$exDY1mhS4KU YCE/2$zmn9ToZwT KLhCw.b4/ b.ZRTIZM30JZ4Qr OQ2aOXJ8yk96xpc Cof0kxKwuX1kqLG /ygbJ1f8wxED22b TL4F46P0: 18728:0: 99999:7: ::
Note the ! the hash begins with. That's inhibiting password use. However, the account is not completely locked, since login with ssh is still possible.
I found by googling, that there is an additional field
lock_passwd: true
which might have a default value of true. I'll check this.