Auto login to phpMyAdmin and Webmail

Discussion in 'Installation/Configuration' started by todx, Apr 9, 2012.

Thread Status:
Not open for further replies.
  1. todx

    todx Member

    Hey guys, I'm new at this forum. I've been wondering if there is a way to setup/configure ISPConfig to automatically login to phpmyadmin and/or webmail once the icon in the ISPConfig control panel is click? At the moment(default settings) it just redirects to phpmyadmin or webmail page...

    Is this a php type of a question? If it is, where should I post?
     
  2. Mitzy

    Mitzy New Member

    Yeah it does seem a bit redundant doesn't it, you'd have to hack the templates, wouldn't know where to begin.

    Why don't you make a suggestion to the tracker?
     
  3. todx

    todx Member

    What/who is a tracker?
     
  4. Mitzy

    Mitzy New Member

  5. todx

    todx Member

    I think the problem here is that ISPConfig need to post original username and password (not hashed - md5ed). They store encoded password into mysql so I don't think this is possible.
     
  6. falko

    falko Super Moderator ISPConfig Developer

    That's right. ISPConfig does this for security reasons.
     
  7. todx

    todx Member

    Yeah its probably for the best. Case closed! =)

    ** I'm gonna post a serious-hardcore review soon on what to change/add/remove etc. so be prepared!
     
  8. Bitvilag

    Bitvilag New Member

    I know this is an old thread however I do not agree.

    Why isnt it possible to create autologin without the password? ex. From admin you can easily sing in to a user.
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    there is a huge difference:

    becoming a client from admin login is a internal permision change within the same software. phpmyadmin and webmail are both different external software packages that authenticate against different system mecahnisms. phpmyadmin authenticates against the mysql user database and webmail authenticates against imap. so in both cases you would have to stire the password as plaintext if you want to allow automatic logins.
     
  10. Bitvilag

    Bitvilag New Member

    Would this be possible

    You might be right however other providers like cPanel somehow solved this issue and they are using autologin very well. My problem is, one of my clients complained why cant he see his workers' emails anytime. I had to disable password modification in roundcube so he could spy on his workers'. I can relate to what he is saying since he has to know what information is going out and in anytime.

    My suggestion would be either to create such plugin or something or maybe an admin login would also help me. As in one login that would give me access to all mails that would be in that group. Easiest way would be a master password that would work with those email addresses that are associated. I dont think this would be a security issue since this password should be set by one person (person managing ISPConfig)

    Wish you the best
    Bitvilag
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    Cpanel did not solve this, they just store all passwords in cleartext. I wont call this a solution.
     
    ahrasis likes this.
  12. Mladen

    Mladen New Member

    Maybe ISPConfig could utilize MySql's dual password feature:
    Code:
    htt ps :// dev. mysql.com/doc/mysql-security-excerpt/8.0/en/password-management.html#:~:text=Dual%20passwords,%20to%20enable%20clients%20to%20connect%20using%20either%20a%20primary%20or%20secondary%20password
    In essence, creating a 2nd user password on-the-fly, e.g. when a user clicks the db icon in the panel, and providing that password to PhpMyAdmin to autologin a user.

    P.S. Please forgive me for tweaking the link, I don't have enough posts to submit a real link.
     
  13. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Please don't hijack old posts, but create a new one instead and eventually refer to this post.
     
Thread Status:
Not open for further replies.

Share This Page