Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 6th June 2013, 16:20
mrtnzlml mrtnzlml is offline
Junior Member
 
Join Date: Feb 2013
Location: Czech Republic
Posts: 12
Thanks: 1
Thanked 3 Times in 3 Posts
Unhappy Awkward function client_change_password

Hi, I am confused. Again.
If you change client's password via ISPConfig, it's ok. It is in database as something like this:
Code:
$1$fI0xcpH9$9p2s18Jj/bVW3N6/DnDGD/
BUT if you change client's password via remote api using client_change_password function, then it is something like this (MD5):
Code:
925d7518fc597af0e43f5606f9a51512
And of course login is impossible.

Am I doing something wrong, or it is bug?
Reply With Quote
Sponsored Links
  #2  
Old 6th June 2013, 16:32
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,003
Thanks: 825
Thanked 5,376 Times in 4,223 Posts
Default

Thats both ok, as ispconfig supports md5 passwords and crypt passwords for the user login.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 6th June 2013, 16:43
mrtnzlml mrtnzlml is offline
Junior Member
 
Join Date: Feb 2013
Location: Czech Republic
Posts: 12
Thanks: 1
Thanked 3 Times in 3 Posts
Default

Oh no, bad news.
I was happy for crypt function. So, if I want to change password via remote API, then I must reprogram my remote login to accept crypt and MD5 hash?

Hm, is there any reason, why ISPConfig accept MD5 (and one function generate MD5)? Backward compatibility? I think it's little bit security weak point.
Reply With Quote
  #4  
Old 6th June 2013, 17:55
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,003
Thanks: 825
Thanked 5,376 Times in 4,223 Posts
Default

ISPConfig supports md5 for backward compatibility. Old versions use md5 and new versions use crypt. The client_change_password is deprecated and gets removed in future. Please use the client_update function if you want to update any value of a client record.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 6th June 2013, 18:03
mrtnzlml mrtnzlml is offline
Junior Member
 
Join Date: Feb 2013
Location: Czech Republic
Posts: 12
Thanks: 1
Thanked 3 Times in 3 Posts
 
Default

Thanks for the explanation.

I hope that MD5 alternative login will be removed as soon as possible.

One more thing. It's planned to implement remote access to APS installer?
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Xen for Centos 6.3 HowTo needs updating. Peter Williams HOWTO-Related Questions 24 28th January 2013 03:31
error.log is full of notices mod_fcgid 007007 Installation/Configuration 13 8th September 2012 11:29
ISPConfig3 Debian Squeeze Crontab - Log petrichbg Installation/Configuration 5 22nd March 2011 12:25
Need help setting up domainpop with postfix kameelperdza Installation/Configuration 6 15th June 2009 07:49
Freebsd 6.1 support misterm Installation/Configuration 10 9th April 2009 09:29


All times are GMT +2. The time now is 19:49.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.