Virtual Min Password remains the same after change

I am having a problem changing the virtualmin administrative password.
I am not sure if this is related but I have restricted access to webmin/virtualmin to localhost:10000
So in order to connect to the interface I use tunneling to connect to

The steps I follow are:

  1. Connect to Webmin as root
  2. Select VirtualMin and then select the virtual server in question
  3. Edit Virtual Server–>Configurable Settings–>Administration Password (Set to)
  4. Enter some password and click Save Virtual Server
  5. Log out
  6. Log in with the virtual server credentials as changed above and the password is not accepted.

I can log in to the said account with the old password.

This is very strange as it seems the password is not actually changed. Any suggestions?

This is the Action Details

Changed file /etc/shadow
< chaky:$6$48047609$Xea0lbhHYKvYLdN76ZHg5CAWAwkBN4xqG2cKcBnNuh0jDqH4jzVi9HQlB3bF3B7rpbwjjIj5wDbnENlK5/POo.:15602::::::

Executed command
chattr -i /home/chaky/fcgi-bin/php5.fcgi
Executed command
chattr +i /home/chaky/fcgi-bin/php5.fcgi
Changed file /home/chaky/.stats-htpasswd
< chaky:nHYmFa6pxeFK2

Changed file /etc/webmin/virtual-server/domains/13473052752397
< md5_enc_pass=$1$48047609$zOUpRq4a9FC6Hi4rlALH10

< lastsave=1348053767

< crypt_enc_pass=nHYmFa6pxeFK2

< enc_pass=$6$48047609$Xea0lbhHYKvYLdN76ZHg5CAWAwkBN4xqG2cKcBnNuh0jDqH4jzVi9HQlB3bF3B7rpbwjjIj5wDbnENlK5/POo.

< digest_enc_pass=5bb38b4462dc810fd01a44efe4fdb07e


In /etc/secure
Sep 19 14:06:10 ****** webmin[29005]: Logout by root from localhost.localdomain
Sep 19 14:06:17 ****** webmin[29008]: Invalid login as ****** from localhost.localdomain


Hmm, are you using a non-typical authentication mechanism, such as LDAP or MySQL?

Also, do you see any errors in /var/webmin/miniserv.error?


I am using PAM Authentication.
I had a problem with PAM and resolved it by installing the pam perl module and creating the webmin file with the following contents

“auth include system-auth”

The miniserve log file shows the following before and after installing pam.

[19/Sep/2012:14:03:45 +0000] started
[19/Sep/2012:14:03:45 +0000] Using MD5 module Digest::MD5
[19/Sep/2012:14:03:45 +0000] PAM test failed - maybe /etc/pam.d/webmin does not exist
[19/Sep/2012:14:04:59 +0000] started
[19/Sep/2012:14:04:59 +0000] Using MD5 module Digest::MD5
[19/Sep/2012:14:04:59 +0000] PAM authentication enabled


Hmm, it looks like PAM authentication isn’t working for some reason, it looks like you’re getting an error regarding that.

Can you verify that the webmin file you created is still there? You can do that with this command:

ls -l /etc/pam.d/webmin

If that is there – which distro/version is it that you’re using? We may need to double-check the contents.

Also, is PAM just configured to read from /etc/passwd and /etc/shadow? Another option would be to configure Virtualmin to read directly from those.


Hi Eric,

I am using Centos 6.3.
I am not sure how you configure PAM to read from /etc/passwd and /etc/shadow
What I tried was to disable PAM and the password change works. What are the pros/cons of using/not using PAM?
Here is the output of the command and the contents of the file

[root@cyatcu pam.d]# ls -l /etc/pam.d/webmin
-rw-r–r-- 1 root root 61 Sep 19 14:04 /etc/pam.d/webmin
[root@cyatcu pam.d]# cat /etc/pam.d/webmin

description: webmin pam

auth include system-auth
[root@cyatcu pam.d]#


Well, using PAM in theory should work.

However, that’s actually disabled by default – and Virtualmin just directly uses the password and shadow files to handle authentication.

There’s not really a downside to that… it’s only a problem if you later switch to a different authentication method. In that case you’d have to reconfigure Virtualmin, rather than just reconfiguring PAM.

But it’s rare to change authentication methods, most folks just use the standard password files.