Hello guys, i think that i found a little bug, when u change a user password then the site .htpasswd it's not updated so u have to login to stats for example with the old password, how can i solve this? any help would be appreciated
How long did you wait? I guess what you encountered is not ab bug, the stats and the stats passwords where generated nightly, if you change a password, the password will be changed in the htaccess file around 1AM.
i've been waiting & im having the same problem i've been playin around and i discovered that i can login in the system now with two passwords???? how is this possible???? for example i have my user web1_webmaster, i changed his password throught ispconfig app but, when i try to loggin to the server throught ssh (for testing), i can login with two passwords the old and the new password, the same occures with stats, i took a look in to passwd and shadow and seems to be fine, but when i do from system console $passwd web1_webmaster and stablish a new pass then i can only login only with this, but if i try again to stablish again the passwd with ispconfig then ... guess what? can login with two pass! isnt it anoying? thnks all
Never seen that. ISPConfig stores passwords only in /etc/shadow, so there is no possibility to have two passwords in ISPConfig. Which linux distribution do you use? How many chars did your two passwords have and how many of the chars where identical in the two passwords (from the beginning)?
yes it so weird, im using ubuntu breezy 5.10 , and im completely lost. because shadow passwd seems correct & system account info it's only here... so theres mus be a problem any help would be appreciated thk u all
What's in the .htpasswd file that manages the login to the stats folder? Can you still login to the shell with two different passwords?
sorry for my late respond, yes sure i still can login with 2 different passwords only when i change a passwd from ispconfig, if i change with passwd from system console no problem... this is my /etc/passwd entry for web1_info, and i can login with both passwords new and old web1_info:x:10052:10001:Information:/var/www/web1/user/web1_info:/bin/false and this is the shadow (only one entry per file) web1_info:|+++++++++++:13252:0:99999:7::: when i make passwd web1_info & stablish the new passwd no problem again but with ispconfig ... problems again still both passwords, i updated ispconfig from 2.2.0 to 2.2.1, ispconfig what can do to my passwd & shadow ? thks and anyhelp would be appreciated so strange.
Hmm, looks like your system is caching the passwords anywhere. Can you still login to an account with two passwords after you rebootest the server? I know thats not a solution but it might help us to narrow down the problem
Yes i think that my system is caching passwords anywhere, so i tried to reboot the server, but how do u explain... when i change the password from passwd from system console everything is ok ? i mean only one entry of ... web1_info , because someone could think that i have two entries, in shadow or passwd.
Does rebooting after a ISPConfig password change fixed the double login? Mybe the password command reloads any kind of pam caching deamon on your server. Please try if rebooting solves it, then we can try to find out which daemon / cache has to be reloaded after a password change.
Do only these two passwords work? Or maybe you have some kind of "wildcard" as password, beeing able to log in with any password?
