/etc/shadow and authentication problem on ispconfig + ubuntu

[moiseev.igor]

Hello we experience rare but constant problems with "perfect server" on Ubuntu 8.04 + ISPconfig 2 (different ispconfig releases and also the last one).

Problem description:

The main play is around the /etc/shadow (contains the linux users passwords in encrypted format, http://en.wikipedia.org/wiki/Shadow_password). The problem is that when we modify the datas for one user (ex. "web25_info") then the /etc/shadow will rewritten for all domain users "web25" even when no password was modified!!!

So the MAIN problem is that sometimes (could not reproduce it in vitro) the password changes to some uncertain one, so that any authentication versus /etc/shadow for the user under modification FAILS.

The problem causes authentication error with ftp, ssh, pop and other services.

The unique solution we found is to backup /etc/shadow, introduce any modification to the user settings (ex. activation antivirus/antispam for the user email) and then recover correct shadow from backup.

Any ideas or advice on the question are extremely welcome!!

Thank you.
PS. sorry this thread is a repost of ISPconfig2, problem with pop authentication, /etc/shadow. Neeeeed heeelp!

[till]

Please compare a working and not working copy of the shadow file, is the exact difference that causes the probelm?

[moiseev.igor]

Hi Till! Than you for reply.

The problem is that NO SENSE to look for the /etc/shadow because even for the same password the encrypted string differs (it adds randomness during the encryption). So the exactness fails always!

After modifications to /etc/shadow does not work the standard linux authentication, gives the password error for some users.

I saw ispconfig doesn't use passwd/usermod/useradd functions to modify the user data (name/password/shell), it implements adhoc functions in php. Is there any restrictions, some default action that the php perfrom, when for example the password is shorter then some number characters??

[till]

I dont think that the problem is with the encryption. The problem must be a syntx error somewhere. Plese compare the lines if the syntax looks strange somewhere.

[moiseev.igor]

Till lost some days to understand the function of ispconfig. So php under suspicions

/root/ispconfig/scripts/lib/server.inc.php
/root/ispconfig/scripts/lib/classes/ispconfig_file.lib.php

/root/ispconfig/scripts/lib/classes/ispconfig_system.lib.php
110 function updateuser($user_username, $uid, $gid, $username, $homedir, $shell, $passwort = '*'){
111 $this->deluser($user_username);
112 $this->adduser($user_username, $uid, $gid, $username, $homedir, $shell, $passwort);
113 }

So this ($passwort = '*') can be the obstacle?

[till]

I dont think so. $passwort = '*' means that * is used when no parameter is set. But as there is a parameter set, * will never be used. Also if this would be the problem, then password updates would never work, which is not the case.

Please try to compare the passwd and shadow files as I suggested. You can also check the broken one them with the "pwck" command.