Rudder

We need to create a v7 of UserManagement to handle the AIX case.

The idea described in parent issue #8593 is to have a new variable in metadata.xml, USERGROUP_USER_PASSWORD_AIX, with the password hashed in the correct format for /etc/security/passwd
The variable need to be invisible for the user when he edits a userManagement directive: Rudder will automatically pass the user input for field USERGROUP_USER_PASSWORD.

Then, the cfengine code need to be adapted to edit the corrects files for AIX with the content of that variable.

The metadata will use two new input type, built for that case: masterPassword and slavePassword:aix. It will also need to tell masterPassword that it manages slavePassword inputs like that:

      <SECTION name="Password" component="true" componentKey="USERGROUP_USER_LOGIN">
        <INPUT>
          <NAME>USERGROUP_USER_PASSWORD</NAME>
          <DESCRIPTION>Password for this account</DESCRIPTION>
          <CONSTRAINT>
            <MAYBEEMPTY>true</MAYBEEMPTY>
            <TYPE>masterPassword</TYPE>
            <PASSWORDHASH>linux-shadow-md5,linux-shadow-sha256,linux-shadow-sha512,plain</PASSWORDHASH>
            <!-- 
             Tell that master password must create other variables derived from the user input from
             that one. The accepted values for now are "aix" and "linux" (or both, comma separated). 
             The derived variable name will the current name postfixed with _AIX (or _LINUX)

             A correspondance is made between hash algo listed above and the matching one on target OS:
             Linux md5 crypt is mapped to AIX "smd5" version, Linux Sha-Crypt-256 is
             mapped to AIX ssha256, and Linux Sha-Crypt-512 to AIX ssha512.
             AIX ssha256 and ssha512 need the JCE PBKDF2WithHmacSHA256 / PBKDF2WithHmacSHA512.
             They are provided on Oracle Java 8 JVM standard installation, but NOT in
             Java 7 and some other vendor versions.
             In case these algo are not available, a fallback to AIX ssha1 (which uses
             PBKDF2WithHmacSHA1) will be done. This hash scheme is also quite robust, but
             if you want maximum security, you must use for Rudder a JVM which provides the higher
             level algo, like Open JDK 8
             --!>
            <AUTOSUBVARIABLES>AIX</AUTOSUBVARIABLES>
          </CONSTRAINT>
        </INPUT>
      </SECTION>