HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Developers' Forum (http://www.howtoforge.com/forums/forumdisplay.php?f=18)
-   -   /etc/shadow and authentication problem on ispconfig + ubuntu (http://www.howtoforge.com/forums/showthread.php?t=45532)

moiseev.igor 30th April 2010 10:33

/etc/shadow and authentication problem on ispconfig + ubuntu
 
Hello we experience rare but constant problems with "perfect server" on Ubuntu 8.04 + ISPconfig 2 (different ispconfig releases and also the last one).

Problem description:
The main play is around the /etc/shadow (contains the linux users passwords in encrypted format, http://en.wikipedia.org/wiki/Shadow_password). The problem is that when we modify the datas for one user (ex. "web25_info") then the /etc/shadow will rewritten for all domain users "web25" even when no password was modified!!!

So the MAIN problem is that sometimes (could not reproduce it in vitro) the password changes to some uncertain one, so that any authentication versus /etc/shadow for the user under modification FAILS.
The problem causes authentication error with ftp, ssh, pop and other services.

The unique solution we found is to backup /etc/shadow, introduce any modification to the user settings (ex. activation antivirus/antispam for the user email) and then recover correct shadow from backup.

Any ideas or advice on the question are extremely welcome!!

Thank you.
PS. sorry this thread is a repost of ISPconfig2, problem with pop authentication, /etc/shadow. Neeeeed heeelp!

till 30th April 2010 11:29

Please compare a working and not working copy of the shadow file, is the exact difference that causes the probelm?

moiseev.igor 30th April 2010 11:46

Hi Till! Than you for reply.

The problem is that NO SENSE to look for the /etc/shadow because even for the same password the encrypted string differs (it adds randomness during the encryption). So the exactness fails always!

After modifications to /etc/shadow does not work the standard linux authentication, gives the password error for some users.

I saw ispconfig doesn't use passwd/usermod/useradd functions to modify the user data (name/password/shell), it implements adhoc functions in php. Is there any restrictions, some default action that the php perfrom, when for example the password is shorter then some number characters??

till 30th April 2010 12:08

I dont think that the problem is with the encryption. The problem must be a syntx error somewhere. Plese compare the lines if the syntax looks strange somewhere.

moiseev.igor 30th April 2010 12:24

Till lost some days to understand the function of ispconfig. So php under suspicions

/root/ispconfig/scripts/lib/server.inc.php
/root/ispconfig/scripts/lib/classes/ispconfig_file.lib.php

/root/ispconfig/scripts/lib/classes/ispconfig_system.lib.php
110 function updateuser($user_username, $uid, $gid, $username, $homedir, $shell, $passwort = '*'){
111 $this->deluser($user_username);
112 $this->adduser($user_username, $uid, $gid, $username, $homedir, $shell, $passwort);
113 }

So this ($passwort = '*') can be the obstacle?

till 30th April 2010 12:28

I dont think so. $passwort = '*' means that * is used when no parameter is set. But as there is a parameter set, * will never be used. Also if this would be the problem, then password updates would never work, which is not the case.

Please try to compare the passwd and shadow files as I suggested. You can also check the broken one them with the "pwck" command.


All times are GMT +2. The time now is 19:45.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.