Password change in Virtualmin Replication

Hello,

I noticed that a password change on a Virtual server in my Primary Virtualmin Server isn't replicated to the Secondary Virtualmin Server by Cloudmin's Virtual Server Replication. Is this right and it normally shouldn't be able to do so or is something wrong with my configuration.

Thanks.

Status: 
Active

Comments

Was this a change to the password of the domain's primary login, or for a mailbox? All password changes should be replicated - if not, that sounds like a bug.

This was a password change of the domain's primary login. What needs to be done to fix the bug...

In your setup, are home directories, MySQL databases or users already replicated between the two systems via NFS or LDAP? Or are they completely independent.

Home directory is on an NFS share (we don't have MySQL databases yet) that is accessible and used by both Servers. So, during Virtual Server replication setup, i selected the Home Directory as a Feature not to be replicated (All except selected features.. option).

I do not use LDAP.

Hello Support,

Any update on this?

Thanks.

Same thing happens with CentOS 7 latest Virtualmin GPL and Cloudmin Connect.

Password changed on master. Webmin login and Administrative fatures selected. Replication to slaves... On slaves the /etc/shadow timestamp changes but the password remains the old one (unchanged). it is like the old password is replicated from somewhere (maybe cache?).

How did you change the password in Virtualmin on the source system? Also, are you seeing the incorrect password when logging in via SSH, or on port 10000 ?

On the source system the password was changed using " Edit Virtual Server -> Administrators password -> Set to... ".

On destination systems the incorrect password is both on SSH and webmin login. If cleartext password storage enabled the destination system password hint (key icon at the Adminsitration Password) shows the correct password. So that gets replicated. However the entry in /etc/shadow does not get replicated.

I looked at the code and made some teste looks like the password hash which gets written into the shadow file is the content of backup_encpass= from the virtualmin domain config file. During restoration of an already existing virtualmin domain config the backup_encpass field is not updated from the backup.

Adding in virtual-server-lib-funcs.pl, restore_virtualmin function the following line seems to fix the issue:

$_[0]->{'backup_encpass'} = $oldd{'backup_encpass'};

Please review and add it to the next relase if it is ok.

Thank you!

Although that will work, it looks like the bug is actually elsewhere - the current code assumes that passwords are in MD5 format when you're likely using SHA or some newer hashing format. We'll fix this in the next release.