When I installed VM I chose to not store passwords in plain text, sounded good at the time, but then I realized how much that sucks, so I changed it; but it didn't seem to take in sites already setup and as a result, I'm having issues that I can not explain, which may be unrelated to this problem, but deleting the site and restoring it doesn't sound fun, and I'm not sure it will fix the problem, so is there a way to fix this behaviour?
One issue is SMTP, I use the @, I have 50 sites, didn't want to change all those user names in my clients, so this issue is a problem in itself, and may have nothing to do with the above password issue, but I do think I changed this in the Template after this site was setup, so I would think it would help fix this issue.
I did delete the user, and put them back in, same issue, I can receive email, but I can't send it.
If I can not do this, can you tell me a way to fix the User Name so I can store it in plain text and how I can fix this email issue, I have read threads and FAQ on this, not sure if I should bite the bullet and change all user names to not use @, so I'm not using a hack, so what is the best way to fix this.
Thanks
Howdy,
A lot of folks use usernames with @ in their name -- if things are working fine for you, I would just try to not think about the little hack needed to make it work :-) It's a simple hack, there's simply two names listed in the /etc/passwd file.
As far as the hashed passwords -- I asked Jamie if that's possible, we'll have to see what he says.
The problem there is that since the passwords are hashed, and not in plain text, Virtualmin can't convert the passwords to plain text. You'd likely have to go reset all your passwords after making such a change.
But, let's see what he says about all that :-)
-Eric
SASL PLAIN authentication failed: authentication failure
Forgot to add this to my first message, this is the SMTP failure I'm getting.
I would like to stay with the @, I just don't remember if I changed the setting after the site was created, and maybe that was causing it to use what ever was setup prior to this, but I don't suspect this to be the case, I deleted the user, so I would think it took, since POP3 works, so maybe this is a seperate issue, but I do know its not storing the passwords in clear text, and would like it to be that way, just don't know where to change it.
Jeffrey Scott Flesher
Medically Retired Gulf War Vet
Howdy,
After speaking with Jamie -- there's no quick way to switch from one to the other.
Due to the nature of how hashed passwords function, you can't just switch from one to the other, it's a little more of a process.
You can disable it for new domains in System Settings -> Server Templates -> Default -> Administrative User -> Store clear text passwords.
After changing that, you'd need to reset the passwords for existing users.
Regarding the email issue -- although this should be handled automatically, you may want to double-check that saslauthd is running with the "-r" parameter.
-Eric
ps auxw | grep saslauthd
root 16238 0.0 0.0 48852 1288 ? Ss Mar26 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2
That answers that,
nano /etc/sysconfig/saslauthd
was
FLAGS="-n 2"
changed to:
FLAGS="-r"
/etc/init.d/saslauthd restart
ps auxw | grep saslauthd
root 22221 0.0 0.0 46760 820 ? Ss 14:07 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -r
Looks like this did it, I can send email now.
***
I have Store clear text passwords? Yes
when I reset password, I do not get the box that shows me what the password is, is there a way to fix this?
Thanks
Jeffrey Scott Flesher
Medically Retired Gulf War Vet
There may not be...Jamie had mentioned it wasn't possible to convert a site from one to the other.
I figured he meant that you'd first have to change the passwords -- but it sounds like he actually means it's not physically possible to switch from one to the other.
It might work if you generate a backup of that site, and then perform a restore, though I'm not sure.
-Eric
Can you find out if a restore will work, this site has over 40 GB of files on it, so a restore is not a simple task, finding hard drive space to do a full backup will be hard, these files do not compress well.
Just to be clear, I'm going to backup and restore to fix the issue with passwords stored in clear text, I'm going from no clear text to yes, use clear text passwords, so I can see them in the popup box.
Thanks
Jeffrey Scott Flesher
Medically Retired Gulf War Vet
I'd like to know as well, as trying out hashed passwords has been a huge pain for me and will be using plain text again in VM.
We talked about this today... there is currently no way to change hashed passwords for an existing domain. It can only be changed for new domains.
However, Jamie is working on adding a feature for switching from hashed passwords.
-Eric
I take it a Restore will not work?
I know this is a sore issue, I did a little more research, and found that a lot of people have asked about it; but what I want to know is if I restore it, will it keep its old setting, or does the Template actually kick in, my guess is that it will not, in which case I'd have to backup the database and files, and rebuild the site.
Thanks.
Jeffrey Scott Flesher
Medically Retired Gulf War Vet
Sorry, until Jamie write's the new feature to handle a move from hashed passwords to plaintext passwords (which I suspect will be in the next Virtualmin version), there's no way to switch a Virtual Server from one to the other.
-Eric
Nothing seems to have happened for 3 years, so I have a suggestion:
Storing passwords in clear text is undoubtedly a security risk, increasingly regarded as very bad practice. I really need some way to remove them from my old servers (created before the option to hash them was available). I'm prepared to copy all the files to new virtual servers and re-create the affected users one by one if necessary, but I'm not sure how best to go about this - perhaps by taking screen shots of the user screens, backing up everything except the users, deleting and restoring the whole server then adding users back? Does anyone have any advice for this?
Next, there's the problem of recovering forgotten passwords, which is not possible with a hashed system - the only solution is to change the forgotten password to a new one, which is not always desirable. Normally I avoid this problem by saving all passwords in KeePass, but sometimes I forget and there are some old ones that were never saved.
So, my suggestion is to make the "save to KeePass" step easier by adding an encrypted password store to Virtualmin for administrative use. It wouldn't be available to users - the password for that store would only be in the administrator's head. It would make life easier in my case.
Phil McKerracher www.beeches.it