Virtualmin password remains the same after change

I am having a problem changing the Virtualmin administrative password.
I am not sure if this is related, but I have restricted access to Webmin/Virtualmin to localhost:10000.
So in order to connect to the interface, I use tunneling to connect to https://127.0.0.1:10000

The steps I follow are:

  1. Connect to Webmin as root
  2. Select Virtualmin and then select the virtual server in question
  3. Edit Virtual Server -> Configurable Settings -> Administration Password (Set to)
  4. Enter some password and click Save Virtual Server
  5. Log out
  6. Log in with the virtual server credentials as changed above and the password is not accepted.

I can log in to the said account with the old password.

This is very strange as it seems the password is not actually changed. Any suggestions?

These are the Action Details:

Changed file /etc/shadow
32c32
< chaky:$6$48047609$Xea0lbhHYKvYLdN76ZHg5CAWAwkBN4xqG2cKcBnNuh0jDqH4jzVi9HQlB3bF3B7rpbwjjIj5wDbnENlK5/POo.:15602::::::

chaky:$6$48063558$O7RPP9B/SiI0oXrKUh6OD3TQDEBD.7zFjYSwTdLrzkZYRHp/h/ojz9NH6mCBPJU1JMPWvmXFDMd0MdHLUE3w5.:15602::::::
Executed command
chattr -i /home/chaky/fcgi-bin/php5.fcgi
Executed command
chattr +i /home/chaky/fcgi-bin/php5.fcgi
Changed file /home/chaky/.stats-htpasswd
1c1
< chaky:nHYmFa6pxeFK2


chaky:0.cDq1/3VrQjA
Changed file /etc/webmin/virtual-server/domains/13473052752397
21c21
< md5_enc_pass=$1$48047609$zOUpRq4a9FC6Hi4rlALH10


md5_enc_pass=$1$48063558$VvmYJ3HDScgUNxU72ZeET0
23c23
< lastsave=1348053767


lastsave=1348063563
28c28
< crypt_enc_pass=nHYmFa6pxeFK2


crypt_enc_pass=0.cDq1/3VrQjA
45c45
< enc_pass=$6$48047609$Xea0lbhHYKvYLdN76ZHg5CAWAwkBN4xqG2cKcBnNuh0jDqH4jzVi9HQlB3bF3B7rpbwjjIj5wDbnENlK5/POo.


enc_pass=$6$48063558$O7RPP9B/SiI0oXrKUh6OD3TQDEBD.7zFjYSwTdLrzkZYRHp/h/ojz9NH6mCBPJU1JMPWvmXFDMd0MdHLUE3w5.
104c104
< digest_enc_pass=5bb38b4462dc810fd01a44efe4fdb07e


digest_enc_pass=1cbce5922d299a63867aa90209a82259
142a143
pass_set=1


In /etc/secure
Sep 19 14:06:10 ****** webmin[29005]: Logout by root from localhost.localdomain
Sep 19 14:06:17 ****** webmin[29008]: Invalid login as ****** from localhost.localdomain

Howdy.

Hmm, are you using a non-typical authentication mechanism, such as LDAP or MySQL?

Also, do you see any errors in /var/webmin/miniserv.error?

-Eric

I am using PAM Authentication.
I had a problem with PAM and resolved it by installing the PAM Perl module and creating the webmin file with the following contents:

“auth include system-auth”

The miniserv log file shows the following before and after installing PAM.

[19/Sep/2012:14:03:45 +0000] miniserv.pl started
[19/Sep/2012:14:03:45 +0000] Using MD5 module Digest::MD5
[19/Sep/2012:14:03:45 +0000] PAM test failed - maybe /etc/pam.d/webmin does not exist
[19/Sep/2012:14:04:59 +0000] miniserv.pl started
[19/Sep/2012:14:04:59 +0000] Using MD5 module Digest::MD5
[19/Sep/2012:14:04:59 +0000] PAM authentication enabled

Thanks,
Efty

Hmm, it looks like PAM authentication isn’t working for some reason; it looks like you’re getting an error regarding that.

Can you verify that the webmin file you created is still there? You can do that with this command:

ls -l /etc/pam.d/webmin

If that is there – which distro/version is it that you’re using? We may need to double-check the contents.

Also, is PAM just configured to read from /etc/passwd and /etc/shadow? Another option would be to configure Virtualmin to read directly from those.

-Eric

Hi Eric,

I am using CentOS 6.3.
I am not sure how you configure PAM to read from /etc/passwd and /etc/shadow.
What I tried was to disable PAM, and the password change works. What are the pros/cons of using/not using PAM?
Thanks,
Efty
Here is the output of the command and the contents of the file

[root@cyatcu pam.d]# ls -l /etc/pam.d/webmin
-rw-r--r-- 1 root root 61 Sep 19 14:04 /etc/pam.d/webmin
[root@cyatcu pam.d]# cat /etc/pam.d/webmin
#%PAM-1.0

description: webmin pam

auth include system-auth
[root@cyatcu pam.d]#

Howdy,

Well, using PAM in theory should work.

However, that’s actually disabled by default – and Virtualmin just directly uses the password and shadow files to handle authentication.

There’s not really a downside to that… it’s only a problem if you later switch to a different authentication method. In that case you’d have to reconfigure Virtualmin, rather than just reconfiguring PAM.

But it’s rare to change authentication methods, most folks just use the standard password files.

-Eric
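
The two things checked in this thread (what miniserv.pl logged about PAM, and what the PAM service file contains) can be scripted. This is an added shell example, not part of the thread or of Webmin's own code: it reports the PAM state logged at the most recent miniserv.pl start and which PAM management groups a service file defines. The function names are hypothetical, and the sample files are constructed from the lines quoted in the posts above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample files are constructed.

# pam_state_at_last_start LOGFILE -> enabled | failed | unknown
# Only messages after the last "miniserv.pl started" line count.
pam_state_at_last_start() {
    awk '
        /miniserv\.pl started/       { state = "unknown" }
        /PAM test failed/            { state = "failed" }
        /PAM authentication enabled/ { state = "enabled" }
        END { print (state == "" ? "unknown" : state) }
    ' "$1"
}

# pam_groups SERVICE_FILE -> groups with at least one rule, or none | missing
pam_groups() {
    [ -r "$1" ] || { echo "missing"; return 1; }
    awk '
        NF == 0 || substr($1, 1, 1) == "#" { next }   # blank lines and comments
        { t = $1; sub(/^-/, "", t) }                  # PAM allows a "-" prefix on the type
        t ~ /^(auth|account|password|session)$/ { seen[t] = 1 }
        END {
            n = split("auth account password session", order, " ")
            for (i = 1; i <= n; i++)
                if (order[i] in seen) out = out (out == "" ? "" : " ") order[i]
            print (out == "" ? "none" : out)
        }
    ' "$1"
}

# make_samples DIR: write the log lines and service file quoted in the thread.
make_samples() {
    cat > "$1/miniserv.error" <<'EOF'
[19/Sep/2012:14:03:45 +0000] miniserv.pl started
[19/Sep/2012:14:03:45 +0000] Using MD5 module Digest::MD5
[19/Sep/2012:14:03:45 +0000] PAM test failed - maybe /etc/pam.d/webmin does not exist
[19/Sep/2012:14:04:59 +0000] miniserv.pl started
[19/Sep/2012:14:04:59 +0000] Using MD5 module Digest::MD5
[19/Sep/2012:14:04:59 +0000] PAM authentication enabled
EOF
    printf '%s\n' '#%PAM-1.0' 'description: webmin pam' 'auth include system-auth' > "$1/webmin"
}

d=$(mktemp -d)
make_samples "$d"
echo "PAM state at last start: $(pam_state_at_last_start "$d/miniserv.error")"
echo "PAM groups in service file: $(pam_groups "$d/webmin")"
rm -rf "$d"
```

On a live system the same functions take /var/webmin/miniserv.error and /etc/pam.d/webmin as arguments.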