Changing passwords of e-mail accounts blocks access to accounts

When a user changes a password of his e-mail account, he can't log in anymore with the new password. I verified this myself. It seems to happen after I changed some security settings on our server.

http://www.vmunix.com/mark/blog/archives/2005/10/31/changing-default-pas...

When I change the password on the command line using the passwd command, the user can log in again.

Status: Closed (fixed)

Comments

So, you're on Solaris -- and it sounds like you're saying you changed a value in policy.conf from "CRYPT_DEFAULT=unix" to "CRYPT_DEFAULT=1". Does that sound about right?

If you were to (temporarily) switch that back, and then try changing your user's password from within Virtualmin, does it work at that point?

Yes, I changed CRYPT_DEFAULT=unix to CRYPT_DEFAULT=1. I guess I narrowed the problem. It only happens when the password was first encrypted using the unix setting and is then changed by Virtualmin with the new 1 setting. I've included some output:

/etc/shadow after changing the old password (unix) to the new password (1):
testuser@example.com:$1$OVyGGCSPPvZew$m4w5pzlAUHkvrthxxxxxxx:14564::::::

/etc/shadow after changing the new password (1) to a random password (1):
testuser@example.com:$1$OVyGGCSPPvZew$6ywGHamWFzpA8exxxxxxxx:14564::::::

/etc/shadow after changing back from the random (1) password to the new password (1):
testuser@example.com:$1$OVyGGCSPPvZew$m4w5pzlAUHkvrthxxxxxxx:14564::::::

/etc/shadow after changing to the new password (1) with the command line passwd utility:
testuser@example.com:$1$H13B/dSH$XSx5ONUm5keGexxxxxxx:14564::::::

So the results of the passwd utility are different from the virtualmin utility.

So if you were to set CRYPT_DEFAULT=1, change a password using the 'passwd' command, then make another change in Virtualmin, would the new password set in Virtualmin work OK?

Yes, when the password is correctly set with the new setting I can change it with virtualmin without any problems.

OK, I see the problem here ... there's a bug in Webmin's encryption code that happens when the old password was encrypted with one method, and the password is then encrypted with a different method.

I will fix this in the next Webmin release.

Automatically closed -- issue fixed for 2 weeks with no activity.
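
Added example, not part of the thread and not Webmin's code: a check for shadow-format lines that flags `$1$` (MD5-crypt) entries whose salt field is longer than the 8 characters that scheme uses, which is what the Virtualmin-written entries above show (a 13-character salt, where the passwd-written entry has 8). The function names, the finding codes and the `olduser` line are assumptions made for illustration; the two `testuser@example.com` lines are copied from the thread with the poster's redaction.

```python
import re

MD5_SALT_MAX = 8                      # MD5-crypt ("$1$") salts are at most 8 chars
CRYPT_CHARS = re.compile(r"^[./0-9A-Za-z]+$")

# Two lines from the thread (hashes redacted by the poster) plus one
# constructed line in traditional unix crypt format.
SAMPLE = [
    "testuser@example.com:$1$OVyGGCSPPvZew$m4w5pzlAUHkvrthxxxxxxx:14564::::::",
    "testuser@example.com:$1$H13B/dSH$XSx5ONUm5keGexxxxxxx:14564::::::",
    "olduser:abJnggxhB/yWI:14000::::::",  # constructed
]


def classify_hash(field):
    """Return (scheme, salt) for the password field of a shadow entry."""
    if not field or field[0] in "!*" or field == "NP":
        return ("locked-or-empty", None)
    if field.startswith("$"):
        parts = field.split("$")      # ['', id, salt, hash]
        if len(parts) < 4:
            return ("malformed", None)
        return (parts[1], parts[2])
    if len(field) == 13 and CRYPT_CHARS.match(field):
        return ("unix", field[:2])    # 2-char salt + 11-char hash
    return ("unknown", None)


def audit_shadow(lines, crypt_default="1"):
    """Return (user, finding) pairs for entries that need attention."""
    findings = []
    for line in lines:
        fields = line.strip().split(":")
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        user, (scheme, salt) = fields[0], classify_hash(fields[1])
        if scheme == "locked-or-empty":
            continue
        if scheme == "1" and (len(salt) > MD5_SALT_MAX
                              or not CRYPT_CHARS.match(salt)):
            findings.append((user, "salt-too-long"))
        elif scheme != crypt_default:
            findings.append((user, "scheme-mismatch"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_shadow(SAMPLE):
        print(user, finding)
```

A `scheme-mismatch` finding only means the entry predates the CRYPT_DEFAULT change; a `salt-too-long` finding marks an account whose password should be reset with the system `passwd` utility.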