User passwords don't get saved

Discussion in 'General' started by pjdevries, Jun 15, 2007.

  1. pjdevries

    pjdevries Member

    Because I couldn't login as a regular user in one of my sites, Hans suggested me to take a look at the isp_isp_user table to see if the users are actually there. The users are but the user_passwort fields are all empty. Does anyone have a clue how this can happen and how to solve this?
  2. falko

    falko Super Moderator ISPConfig Developer

    That's how it is supposed to be. ISPconfig doesn'T save the passwords, they are stored in /etc/shadow.

    You can try to set $go_info["server"]["password_hash"] to md5 in /home/admispconfig/ispconfig/lib/ Create a new user and try if you can log in.
  3. Hans

    Hans Moderator ISPConfig Developer


    Yes, i know that passwords are stored within /etc/shadow, but as far as i've understand is that pjdevries can not login as a client at URL http(s)://

    But on my systems, within phpMyAdmin, the passwort field for clients shows encrypted passwords like: 0c8e39169ada3e5eb2502c7f6da33427 and in pjdevries database not. Can you explain this, because i do not understand. (if i did not define a passwort for a client yet, it is blank indeed).
    Last edited: Jun 17, 2007
  4. pjdevries

    pjdevries Member

    Thanks Falko. That clears up things about the password in the database.

    I did as you suggested and created a new user (also changed the password of an existing user) but I still can't login. What to do next?


    Maybe I'm no the only one with a password problem :)
  5. Hans

    Hans Moderator ISPConfig Developer

    Are you really sure that you defined an account for that client first within ISPConfig under ISP Manager > Clients > Select your client > Login Data ?

    I want to ask you this, because some people are mistaken; they use the email-user of a site to login, which is not correct.
  6. falko

    falko Super Moderator ISPConfig Developer

    Maybe you mixed up ISPConfig users (clients, resellers, admin) and system users? System user passwords are stored in /etc/shadow; system users can use email and FTP.
    ISPConfig user passwords are stored in the ISPConfig database, but ISPConfig users can log in to ISPConfig only - they cannot use email and FTP.
  7. pjdevries

    pjdevries Member

    Thanks Hans and Falko. To be honest I didn't think about that. In fact I already had defined a Client (for my own company) for whom I had entered the login credentials. With those credentials I can login and get (limited) access to the ISPConfig functionality and manage the sites and users belonging to that Client account. So as usual this seems to be a case of RTFM and I appologize for that.

    The good thing about reading the manual once again was that I was also made aware of the fact that it is possible for site users to login and manage their own e-mail account etc. As the ISPConfig manual states in the Customer section on page 58:
    'If the Mailuser Login is activated for a site (tab "Basis"), a user can make changes himself to his
    email settings (password, spamfilter and antivirus settings) by logging in under
    https://www.domain.tld:81/mailuser or. http://www.domain.tld:81/mailuser'.​
    Unfortunately, when I do that, I get a "404 Not found" error. However, when I go to http://www.domain.tld:81/~webXX_username, the familiar ISPConfig default 'Welcome to your website!' page whows up. So the web space for the user exists and is accessible but I'm still not able to login.

    Any suggestions what I do wrong this time?
  8. Hans

    Hans Moderator ISPConfig Developer

    Did you really use http(s)www.anydomainonyourserver.tld/mailuser where mailuser is just the text "mailuser" and not the name of a mailuser you've defined within ISPConfig under "user and email"?
  9. pjdevries

    pjdevries Member

  10. Hans

    Hans Moderator ISPConfig Developer

    Then you should be able to login at http(s)://anydomainonyourserver.tld/mailuser:)
    Last edited: Jun 18, 2007
  11. falko

    falko Super Moderator ISPConfig Developer

  12. pjdevries

    pjdevries Member

    Thanks again Falko. Everything is under control now. As so many times, the problem in fact consisted of more than one smaller problems.

    As Hans and Falko already guessed, I mixed up Client login with User login. Where a Client has access to all Sites and User accounts belonging to a particular Client, a User only has access to his/her personal account settings like personal name and password, various e-mail settings etc.

    Also Hans and I were wrong footed by the empty user_passwort column in table isp_isp_user, which made us think that something didn't function correctly, whereas in fact user passwords don't get saved in the database at all, like Falko pointed out.

    Then there was the confusion with the term 'mailuser'. I interpreted that term as a replacement for the actual (Linux) username (webXX_username) that is assigned to a user on creation of the account, while in fact the literal text 'mailuser' must be appended to the base domain url.

    So in fact everything was o.k. right from the start an it was all a matter of RTFM and proper interpretation. I thank everybody involved for their patience and support.

Share This Page