Consensus on the Roundcube Password Plugin Virtualmin Driver?

The only possible explanation I could come up with for why phpMyAdmin was brought up was if someone was talking about directly changing the password for the Roundcube user, separate from the respective unix user in Vmin.

Presumably, the Roundcube login password must match the user’s unix password, otherwise how could you access the mail server? I guess they meant, “How do you change the Roundcube password after changing the unix user password?” or something like that.

It does look like this is going to have to be done in two separate steps with a custom piece of code, since it still appears to me that the password plugin for RC doesn’t work on Vmin users.

Inside the Roundcube 1.6 plugins folder you will find password.
Long list of choices.
One I had found that looked interesting was the HTTP-API.

The settings are straightforward and I believe you only need to add in the URL for your Virtualmin passwd/change_passwd.cgi.
Then go to the Webmin Config page > authenticate and turn on the API all the way on the bottom of the page.

Could be other steps to get this working. I haven’t tried it yet but looks like the better option.
The only thing I didn’t see was how to call on this API in Virtualmin without an Administrator user and password.
Perhaps it works without it? IDK…

Regards,

Peter

replaced of with on… sorry

It does not, and it would be dangerous to hand out HTTP API user/password to anything less than a trusted server that doesn’t have users who could get that password. The Virtualmin API is an administrative tool, with effectively root access.

It is not immediately clear to me how one could safely allow a remote RoundCube instance to change passwords on a Virtualmin system. Locally, it can just run the passwd command (because we use system users, and a user can change their own password with the passwd command, though it requires the user know the old password, which can make password resets tricky and a different sort of problem). Remotely? I don’t know. It’d have to have elevated privileges to be able to change every user’s password.

Passwords are hard, because they have such severe security implications.

I think there would need to be a non-privileged API that allows Roundcube to authenticate using the user’s username and password…so, maybe a Usermin API (this is not a thing that exists, just spitballing ideas for how it might safely be done)? Usermin drops privileges and becomes the user when you log in (like a shell session, basically), so it can only do things the user can do, which includes changing the user’s own password.

You could probably also hack up something on the Roundcube side that logs into the Virtualmin server via ssh and changes the password using passwd, but that’s likely to be very tricky to make work (have to worry about all sorts of possible configuration issues, like can the user log in via ssh? do they have a shell that allows running passwd? are password logins allowed?).

While I’m talking, I should point out I have never used Roundcube and have never looked at how it is implemented. I know literally nothing about Roundcube or the password plugin or how Roundcube stores users and passwords and such. I had assumptions that are maybe wrong…mention of MySQL user storage above was news to me. I assumed Roundcube simply authenticated to the mail server and did not have its own user accounts (which would mean you’d only need to change the Virtualmin server user password), but that is maybe untrue and you also have to update something in Roundcube local storage, maybe a database?

You are not missing out on much…

I prefer Usermin since you have total control over spam if the server is using SpamAssassin.
The buttons could use an overhaul but still better to use on Virtualmin than alternative scripts.

Usermin is fine for techies like me, not so much for the users I intend to host email for. They need a minimum of complicated features that can be tweaked.

That’s heartbreaking. We’ve tried so hard to make Usermin easy to use. I honestly don’t know how to make it simpler.

Please forgive my indiscretion; perhaps I simply lack enough understanding of how to adjust the feature-set I would prefer to be available or not in Usermin (I know the available/shown features can be adjusted).

I just know that the fewer things there are visible to be messed with, the more positive the response will be from users – I’ve already dealt with pushback on other “tech” projects because people didn’t want to “deal” with technology.

I recently posted in another forum, it’s a shame that the userbase for computers in general is largely transitioning from users to “consumers” — and that is the issue I am dealing with and why I was attempting to use Roundcube. Out of the box it feels a little more “Fisher Price” than Usermin.

We just need actionable feedback. I’m not complaining about being told it’s still too complicated, we just need to know what would make it suitable for end users. That’s the point of Usermin. It’s not an administrative tool, it is meant to be used by non-technical email users. It’s our webmail client, if nobody wants to use it for webmail, we’d like to know why.

But, just saying it’s too complicated doesn’t help, as I can’t see how it’s complicated. I’m not saying the complexity isn’t there, I’m saying we’re not able to discern where the complexity lies, so we can’t fix it.

You overestimate the tech literacy of the average user. Most of them are clueless.

Richard

It does need forwarding. Not too many people are going to be able to productively use a mail client that can’t forward mail. It’s too common a function.

Other than that, you can throw most users off by changing the thickness of a div border or moving a button from left to right. Usermin “looks different,” which is enough to bewilder the average non-tech user.

Case in point: I just spent a day and a half helping a client’s employee set up his email client, with autodiscover and autoconfig enabled and working. A day and a half. All he needed to do was correctly enter his email address and password, and it took him a day and a half.

So don’t take it personally. Most users… Well, let’s just say they didn’t quite make MIT.

Richard

Webmin already has a remote password change API, which can be enabled in Webmin ⇾ Webmin Configuration: Authentication page. Although, it will only work properly starting with the next Webmin release.

RoundCube plugin developers should consider using that for changing user passwords.

Then it doesn’t already have it. :wink:

I didn’t know that existed. Where’s the code? Does it work without a root Webmin login? If it works without a root login, I’ll take a stab at making a Roundcube plugin for it. If it doesn’t work without a root login, then we don’t have a suitable API for this problem.

I’m a blithering fool.

Right there in the stinkin’ description of the Virtualmin driver for the Roundcube Password plugin:

It only works with virtualmin on the same host where Roundcube runs
and requires shell access and gcc in order to compile the binary.

I am so sorry everyone for wasting your time. :man_facepalming:t2:

Have a happy new year’s eve, if you haven’t already.

The code is in webmin/passwd/change_passwd.cgi file.

Does it work without a root Webmin login?

Yes, but only in anonymous mode and only using POST request.

I’ll take a stab at making a Roundcube plugin for it.

Thanks!

Sorry if this thread is not the appropriate place, but where should I submit actionable feedback?

After switching cPanel installations to Virtualmin, the one universal complaint I get from clients is that webmail is different and doesn’t display mails like the old webmail (RoundCube) did.
This difference in display of content seems to create the perception that Usermin does not work or is too complicated because you need to change options between reading emails.
When I tell clients about using dedicated mail applications, they see a list of steps to follow and flip out saying “this is too complicated, we just want email that works!” all the while refusing to even try what I’ve suggested…

As an admin, I personally do not want to run yet another web-application, per-domain or globally. That is just extra work to install, integrate, harden, and upkeep the software in one or multiple places. Not ideal, even if it is what the customer wants…

For actionable feedback, I want to say this:
Usermin needs to entirely divorce email content from the content and formatting of the Usermin web pages. Likely not a small task, but making emails display consistently, unaltered, and with less option fiddling is the most probable way to dispel the perception that Usermin doesn’t work or is too complicated.

Not by hijacking other people’s topics about other things!

Either open a new topic, or follow up on one that is about the thing you want to talk about. There happens to be a recent thread about the Usermin user experience, and this would go well there (but don’t be afraid to open new topics if a brief search doesn’t turn up a conversation that is related or if you’re not sure it is related). I’d rather have multiple topics about something than have a topic get derailed and go off in a dozen directions, especially topics that are asking for help with a specific problem, like this one.

Recent Usermin UI thread: Usermin feedback

I just want to post this here for posterity / clarification since I now have a better understanding, and to give this topic a proper closure.

No passwords are stored by Roundcube. The Roundcube script takes the password provided at login by the user and authenticates against the configured IMAP server. That is all. Since phpMyAdmin was brought up in the context of changing user passwords, I will now dispel this question. The only password is the user’s unix/IMAP password.

By default, the only user data stored “locally” (in the Roundcube database) is in regards to the user’s Roundcube-specific mailbox preferences (layout, colors, date formats, signatures, etc.), independent from anything stored in the IMAP server (Dovecot in my case). An option for IMAP message-caching is available, but it is disabled by default.

Now to the password-changy thing.

There is a “driver,” included with the Roundcube password plugin, that can interface with Virtualmin to change a user’s unix password, but it is not enabled/configured by default and appears to need to be compiled and manually integrated. The expectation (barring the rigging of some kind of automated SSH-tunneling) is that the Roundcube script installation must run on the local unix server (alongside the IMAP server) for the password plugin’s Virtualmin driver to work.
