Hashed passwords - Different on each setup

SYSTEM INFORMATION
OS type and version Debian 12
Webmin version 2.202
Virtualmin version 7.20.2
Webserver version Apache
Related packages mariadb

Hi.

We recently rolled out a new Debian 12 build of virtualmin for our clients.

We opted to use hashed passwords to ensure security.

How ever we have found that the virtualmin hosting, Mariadb and PHPmyadmin logins all have a different password.

Is there a way to set so that on creation all of them default to the virtualmin hosting password or is this just due to the design of hashed passwords not being able to be read by the different modules as they are being setup?

When you use hashed passwords, Virtualmin does not know the password. If it did, it wouldn’t be hashed (a hash is a one-way hash, you cannot easily recover the password from the hashed variant that is stored) and it would be discoverable by a root-level attacker.

Virtualmin has to know the database password for setting up applications. So, in a hashed passwords configuration the database password and the user password cannot match (because then a root-level attacker could find the user password, thus making the “hashed passwords” decision moot).

I’m pretty sure there’s help text to this effect when you choose this option, but maybe I can make it more clear.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.