HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   General (http://www.howtoforge.com/forums/forumdisplay.php?f=15)
-   -   ISPconfig2, problem with pop authentication, /etc/shadow (http://www.howtoforge.com/forums/showthread.php?t=45213)

moiseev.igor 21st April 2010 13:27

ISPconfig2, problem with pop authentication, /etc/shadow
 
Hello we experience rare but constant problems with "perfect server" on Ubuntu 8.04 + ISPconfig 2 (different ispconfig releases and also the last one).

Problem description:
The main play is around the /etc/shadow (contains the linux users passwords in encrypted format, http://en.wikipedia.org/wiki/Shadow_password). The problem is that when we modify the datas for one user (ex. "web25_info") then the /etc/shadow will rewritten for all domain users "web25" even when no password was modified!!!

So the MAIN problem is that sometimes (could not reproduce it in vitro) the password changes to some uncertain one, so that any authentication versus /etc/shadow for the user under modification FAILS.
The problem causes authentication error with ftp, ssh, pop and other services.

The unique solution we found is to backup /etc/shadow, introduce any modification to the user settings (ex. activation antivirus/antispam for the user email) and then recover correct shadow from backup.

Any ideas or advice on the question are extremely welcome!!

Thank you.

Puckel 26th May 2010 09:23

Hi,

I've the same problem. My sellers hits me :(, anyone have an idea or a fix please ?

Thanks.

till 26th May 2010 10:00

We investigated this on several systems and found out that these problems are caused by browser extensions that use an autofill function to fill in login details like the password field in ispconfig.

If you use any browser that automatically fills password fields, you should disable this function for your ispconfig server domain.

moiseev.igor 26th May 2010 10:39

Yes, the browser auto-fill was the issue in some cases. So the advise is to use firefox and never to remember the passwords even for login form to ispconfig2.

I'm still monitoring the case, before logging to ispconfig2, always do the backup of /etc/shadow to get be sure of any modifications done by ispconfig.

Still get no idea about the behavior of ispconfig2. On user creation it simply adds the user password at the end of /etc/shadow and on ANY modification to the user, for ex. activation of antispam, the whole group of users will be rewritten at the end of the file /etc/shadow.

Thank you for the concern.
Igor.

till 26th May 2010 11:30

Quote:

Still get no idea about the behavior of ispconfig2. On user creation it simply adds the user password at the end of /etc/shadow and on ANY modification to the user, for ex. activation of antispam, the whole group of users will be rewritten at the end of the file /etc/shadow.
Thats the normal behaviour in ISPConfig 2. It does not cause any problems. I never had a corruption of any password on my servers in the last years.

moiseev.igor 26th May 2010 11:37

Till in the last post I didn't say that it corrupts any password.
Vice versa, I really want it would be so! ;)
And still these two or three weeks it is so, works just perfect!

Norman 26th May 2010 20:41

Anyone know if the ISPConfig team provided an update that flagged these fields not to be cached by firefox/chrome ?


All times are GMT +2. The time now is 01:01.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.