Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Developers' Forum

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 30th April 2010, 09:33
moiseev.igor moiseev.igor is offline
Junior Member
 
Join Date: Nov 2009
Posts: 8
Thanks: 0
Thanked 2 Times in 2 Posts
Default /etc/shadow and authentication problem on ispconfig + ubuntu

Hello we experience rare but constant problems with "perfect server" on Ubuntu 8.04 + ISPconfig 2 (different ispconfig releases and also the last one).

Problem description:
The main play is around the /etc/shadow (contains the linux users passwords in encrypted format, http://en.wikipedia.org/wiki/Shadow_password). The problem is that when we modify the datas for one user (ex. "web25_info") then the /etc/shadow will rewritten for all domain users "web25" even when no password was modified!!!

So the MAIN problem is that sometimes (could not reproduce it in vitro) the password changes to some uncertain one, so that any authentication versus /etc/shadow for the user under modification FAILS.
The problem causes authentication error with ftp, ssh, pop and other services.

The unique solution we found is to backup /etc/shadow, introduce any modification to the user settings (ex. activation antivirus/antispam for the user email) and then recover correct shadow from backup.

Any ideas or advice on the question are extremely welcome!!

Thank you.
PS. sorry this thread is a repost of ISPconfig2, problem with pop authentication, /etc/shadow. Neeeeed heeelp!
Reply With Quote
Sponsored Links
  #2  
Old 30th April 2010, 10:29
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,461
Thanks: 813
Thanked 5,240 Times in 4,108 Posts
Default

Please compare a working and not working copy of the shadow file, is the exact difference that causes the probelm?
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following 2 Users Say Thank You to till For This Useful Post:
cotoEdilt (26th September 2012), feeninuoumn (17th December 2013)
  #3  
Old 30th April 2010, 10:46
moiseev.igor moiseev.igor is offline
Junior Member
 
Join Date: Nov 2009
Posts: 8
Thanks: 0
Thanked 2 Times in 2 Posts
Default

Hi Till! Than you for reply.

The problem is that NO SENSE to look for the /etc/shadow because even for the same password the encrypted string differs (it adds randomness during the encryption). So the exactness fails always!

After modifications to /etc/shadow does not work the standard linux authentication, gives the password error for some users.

I saw ispconfig doesn't use passwd/usermod/useradd functions to modify the user data (name/password/shell), it implements adhoc functions in php. Is there any restrictions, some default action that the php perfrom, when for example the password is shorter then some number characters??
Reply With Quote
The Following User Says Thank You to moiseev.igor For This Useful Post:
AbannyvabVask (18th December 2013)
  #4  
Old 30th April 2010, 11:08
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,461
Thanks: 813
Thanked 5,240 Times in 4,108 Posts
Default

I dont think that the problem is with the encryption. The problem must be a syntx error somewhere. Plese compare the lines if the syntax looks strange somewhere.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 30th April 2010, 11:24
moiseev.igor moiseev.igor is offline
Junior Member
 
Join Date: Nov 2009
Posts: 8
Thanks: 0
Thanked 2 Times in 2 Posts
Default

Till lost some days to understand the function of ispconfig. So php under suspicions

/root/ispconfig/scripts/lib/server.inc.php
/root/ispconfig/scripts/lib/classes/ispconfig_file.lib.php

/root/ispconfig/scripts/lib/classes/ispconfig_system.lib.php
110 function updateuser($user_username, $uid, $gid, $username, $homedir, $shell, $passwort = '*'){
111 $this->deluser($user_username);
112 $this->adduser($user_username, $uid, $gid, $username, $homedir, $shell, $passwort);
113 }

So this ($passwort = '*') can be the obstacle?
Reply With Quote
  #6  
Old 30th April 2010, 11:28
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,461
Thanks: 813
Thanked 5,240 Times in 4,108 Posts
 
Default

I dont think so. $passwort = '*' means that * is used when no parameter is set. But as there is a parameter set, * will never be used. Also if this would be the problem, then password updates would never work, which is not the case.

Please try to compare the passwd and shadow files as I suggested. You can also check the broken one them with the "pwck" command.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
AbannyvabVask (21st December 2013)
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ISPconfig2, problem with pop authentication, /etc/shadow moiseev.igor General 6 26th May 2010 19:41
Connection timed out on intermail outgoing mails gouravgarg Server Operation 6 5th March 2010 20:31
ISPConfig3 Mail Warn Errors reason8 General 3 25th November 2009 13:58
Problem with installation of ISPConfig 3 on Ubuntu 8.10 VMartins Installation/Configuration 1 19th November 2009 19:07
SMTP authentication problem mphayesuk General 2 13th December 2007 11:33


All times are GMT +2. The time now is 19:01.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.