From: Hadi H. <ma...@ha...> - 2002-03-30 22:13:43
|
I've created a service that adds users to webmin and sets some initial parameters, in particular it creates a webmin user, gives it specific module access and then sets the permissions for each of these modules. So far it's seems to be going ok, however I have a show-stopper. I can't get the password to work. I create a salt string and call crypt, it stores the hash of the pw in the miniserv.users file but no luck. The same string seems to work for etc/passwd so don't know what could be going on. Any ideas? Thanks. |
From: Joe C. <jo...@sw...> - 2002-03-30 23:15:07
|
Webmin uses MD5 for its passwords. It may be configurable to use crypt, but by default it is MD5. You can find an example of the routine to do this in the acl module, I think...or maybe not. It's in there somewhere. Hadi Hariri wrote: > I've created a service that adds users to webmin and sets some initial > parameters, in particular it creates a webmin user, gives it specific module > access and then sets the permissions for each of these modules. So far it's > seems to be going ok, however I have a show-stopper. I can't get the password > to work. I create a salt string and call crypt, it stores the hash of the pw > in the miniserv.users file but no luck. The same string seems to work for > etc/passwd so don't know what could be going on. > > Any ideas? > > Thanks. -- Joe Cooper <jo...@sw...> http://www.swelltech.com Web Caching Appliances and Support |
From: Jamie C. <jca...@we...> - 2002-03-31 03:11:10
|
Webmin passwords aren't generally MD5 encrypted, unless copied from a root user who already has an MD5 encrypted password.. In response the original question, are you sure you are calling crypt properly? It should be called something like : $salt = substr(time(), 0, 2); $crypted = crypt($plainpass, $salt); Also, after updated miniserv.users you need to restart webmin with /etc/webmin/stop ; /etc/webmin/start - Jamie Joe Cooper wrote: > > Webmin uses MD5 for its passwords. It may be configurable to use crypt, > but by default it is MD5. You can find an example of the routine to do > this in the acl module, I think...or maybe not. It's in there somewhere. > > Hadi Hariri wrote: > > I've created a service that adds users to webmin and sets some initial > > parameters, in particular it creates a webmin user, gives it specific module > > access and then sets the permissions for each of these modules. So far it's > > seems to be going ok, however I have a show-stopper. I can't get the password > > to work. I create a salt string and call crypt, it stores the hash of the pw > > in the miniserv.users file but no luck. The same string seems to work for > > etc/passwd so don't know what could be going on. > > > > Any ideas? > > > > Thanks. |
From: Jamie C. <jca...@we...> - 2002-03-31 09:25:03
|
Hadi Hariri wrote: > > > Webmin passwords aren't generally MD5 encrypted, unless copied from a > > root user who already has an MD5 encrypted password.. > > > That's what I thought, since I looked at the save_user.cgi. > > > In response the original question, are you sure you are calling crypt > > properly? It should be called something like : > > > > $salt = substr(time(), 0, 2); > > $crypted = crypt($plainpass, $salt); > > > > Well the $salt I'm calculated like the one in save_user.cgi which is the Chr > of 2 random numbers concatenated. The crypt call is the same. > > But coming back to what you said, how does Webmin distinguish what type of > password it is? If I for example copy the value in /etc/passwd and pass that > over to miniserv.users file, is the a param to indicate what type of password > it is? i.e, what indicates "Same as Unix"? The third field in miniserv.users - if it is 1, then whenever the unix password for the same user is changed IN WEBMIN , the password of the webmin user will be updated as well. - Jamie |
From: Hadi H. <ma...@ha...> - 2002-03-31 10:58:37
|
Hi Jamie, Sunday, March 31, 2002, 11:24:56 AM, you wrote: JC> Hadi Hariri wrote: >> >> > Webmin passwords aren't generally MD5 encrypted, unless copied from a >> > root user who already has an MD5 encrypted password.. >> > >> That's what I thought, since I looked at the save_user.cgi. >> >> > In response the original question, are you sure you are calling crypt >> > properly? It should be called something like : >> > >> > $salt = substr(time(), 0, 2); >> > $crypted = crypt($plainpass, $salt); >> > Thanks, got it working (so far). I changed the 1 to 0 and it works. I got confused since the password string isn't the type in the passwd file. I think it's using DES (they crypt call) whereas the unix one is using MD5. However, it seems that if I use crypt for both, both of them seem to work. |