I am concerned that the password being in the clear is more =
dangerous and harmful than an encrypted password stored in a dbm or dat =
file. The whole purpose of my current employer deploying Webmin was to be =
able to manage systems remotely without having the tedious task of =
repetitive key strokes. In my testing Webmin cannot distribute s/w or =
execute remote cluster copies unless the password is provided. Is that =
correct? Is there any way to add an encrypted password that is not stored =
in the clear?
Regards - Mark
>>> "Jamie Cameron" <jcameron@...> 06/29/2007 5:34 PM >>>
There is no way Webmin can truly encrypt it, as when it logs into a remote
Webmin in order to perform some action (like copying a file or installing
a package), it needs to provide the remote system with a password.
I suppose I could use some symetric key to encrypt the password, but that
would in turn need to be stored on the same system, so it wouldn't really
That said, the password file should only be readable by root. Anyone who
gains access to it could do much worse, like change the password for the =
Webmin, login to that and then do things to your remote system. So even if
there was some magical way it could be securely encrypted, it wouldn't=20
On 29/Jun/2007 11:29 Mark Khan wrote ..
> The password being in the clear is a real show stopper. Is =
> anyway that we can hide or mask it's readability?
> Mark K.
> >>> "Jamie Cameron" <jcameron@...> 06/29/2007 1:59 PM >>>
> On 29/Jun/2007 10:48 Mark Khan wrote ..
> > Jamie:
> > Sorry for the lack of detail. It is only the users accounts =
> > are contained in the /etc/passwd files and their associated /etc/shadow=
> > files that I need to be able to manage on a cluster basis. I have =
> > taken care of the Webmin user accounts. I need a method or a set of =
> > for creating a master password file for each cluster group and then =
> > copy it to the appropriate systems in the cluster. I have 9 groups so
> > am envisioning 9 master password files, one for each group.=20
> I see .. perhaps a better solution would be to use a service like NIS or
> to share users and groups between machines? This is generally more =
> easier to manage, as there is no danger of systems getting out of sync.
> > Also I was alarmed to find that in the /etc/webmin/servers[1-9] =
> > there is a file called config that contains the un-encrypted webmin =
> > Is there a way to encrypt the contents of the auto_pass field?
> No - Webmin needs to know that password in order to login to remote =
> - Jamie
> > Respectfully;
> > Mark K.
> > >>> "Jamie Cameron" <jcameron@...> 06/29/2007 1:09 PM >>>
> > On 29/Jun/2007 06:30 Mark Khan wrote ..
> > > Hello again:
> > > Sorry to keep bombarding this group with my =
> > but
> > > I just started this job and have been thrown into Webmin head first.
> > I
> > > have purchased and read both books and I can't seem to come up with
> > procedure
> > > using Webmin to maintain passwords in my environment. Here is the =
> > > I am facing:
> > > Various releases of Webmin were deployed before I was hired. Each =
> > > had already had it's password files updated manually by the SA's, =
> > > I was hired. Once Webmin was deployed they did not read the =
> > > on how Webmin updates UID's and GID's. Subsequently, we have many =
> > > in the systems password files.=20
> > >=20
> > > What I would like to do is create a master password file for each of
> > the
> > > cluster groupings of systems I have created on my primary Webmin =
> > > Then when I need to add or delete a user to a particular cluster I
> > > do it on the primary Webmin server and then cluster copy it to the
> > > cluster. So far I have found that I can do a batch load of the =
> > > file at the system level but not at the cluster level. Is what I am
> > > for possible? has anyone ever encountered this situation before? If
> > > could you please pass along how you handled it? Finally, is there a
> > > party software module or program that anyone knows about that can =
> > > me resolve this mess.
> > Hi Mark,
> > So are you trying to sync Webmin users between multiple systems? Or it
> > is=20
> > Unix users that you are trying to sync? In the former case, this can
> > done by copying across the right files, such as /etc/webmin/webmin.acl
> > and
> > /etc/webmin/miniserv.users, and all the /etc/webmin/*/*.acl files.
> > Let us know more details on what you are trying to do though, so I can
> > provide a more complete answer ..
> > - Jamie
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
Forwarded by the Webmin mailing list at webadmin-list@...=
To remove yourself from this list, go to
This e-mail is intended for the addressee shown.
It contains information that is confidential and
protected from disclosure. Any review, dissemination
or use of this transmission or its contents by persons
or unauthorized employees of the intended organizations
is strictly prohibited.
The contents of this email do not necessarily represent
the views or policies of PSCU Financial Services.