Changed mySQL admin password - broken Plesk

[Phil Wareham]

Hi there,

I've just changed the master admin password for mySQL not realising it would break Plesk (v10.2), now I'm getting the following message when trying to connect to Plesk...

ERROR: PleskFatalException
Unable to connect to database: saved admin password is incorrect.

0: common_func.php3:93
psaerror(string 'Unable to connect to database: saved admin password is incorrect.')
1: auth.php3:127

How can I update my Plesk install to use the new mySQL password, or roll back to the previous password that Plesk was using?

Thanks,
Phil

 

[Edward-Dekker]

On Linux, the MySQL admin password set by Plesk can be found in /etc/psa/.psa.shadow.

also at http://www.onlinehowto.net/Tutorials/Plesk-Control-Panel/Plesk-password-issue-/376 you'll find some more items to resolve your MySQL problem.

 

[Phil Wareham]

Cheers, my ISP fixed the problem for me in the end, but those instructions above would work - although I was led to believed the password in /etc/psa/.psa.shadow was now hashed as of v10.

 

[PSi_101]

I too was caught out by this issue, as I was unable to figure out what the admin username's password was for MySQL.
So it sounds like the password is in fact hashed, but the hash itself is used as the password for the admin account for MySQL....is that right?
Sounds like a bug to me.
That's just as much a security flaw as storing the Plesk admin password in plaintext like before, because if you have the hashed password, you just login into MySQL with the hashed password as is, then go and cause all sorts of havoc in there.

 

[Tyree]

I've had the same issue.
A guy at Softlayer got it so that the plain text version worked with MySQL and Plesk. So, I didn't have to type (paste) the hashed version anywhere. Unfortunately, he didn't explain to me HOW he did it. After the update to 10.3.1, the problem has returned!
Anyone know how?

 

[RandyN]

I was attempting to access my MySQL database through SSH and with PLESK, you're user/pass for MySQL is the same as PLESK. After modifying this, same thing, PLESK went down and I was denied access. Even after following the tutorials to rewrite a new (or the old) password for PLESK/MySQL, they did not sync up and I was still denied.

I ended up using the hashed password from the command "cat /etc/psa/.psa.shadow && echo" and updating the password for 'admin' to that. Then, PLESK worked. Just for giggles, I tried again running a command like "mysql -u admin -p" and using the new/old/hashed passwords and all of them were denied.

It seems like they are not syncing up for some reason. I rewrite the password through MySQL, restart both services, and then I can "mysql -u admin -p" with that new pass, but PLESK goes down and denies it. Then, if I rewrite the password through MySQL again to old/hashed pass, restart both services, PLESK works and goes back up, but I can't have root access to MySQL. Something is off, and I'm not sure what, to be honest.

Either way, access to PLESK > access to MySQL right now, so I'm sticking with that, but if all else fails, try the hashed password when PLESK goes down, and then immediately change it to something else to get it back running again.

Once you get PLESK back up and running, you technically should be able to login to MySQL SSH'd by using the command "mysql -u admin -p 'cat /etc/psa/.psa.shadow' " so here goes....

 

[pixeljunkie]

I had the same issues here with Plesk 10.4.4 after password change via Plesk backend.
I tried every tutorial and i couldn`t get it to work. Either Plesk had access to mysql but all shell tools didn`t work anymore and i couldn`t access mysql via shell or everything was the other way around. A total mess!
Then i found out, that if plesk was working i could use the encrypted password hash to login to mysql via shell.
Sorry Parallels, but this has to be a bug!
What worked for me... get the shell access working again (i reset the password via phpmyadmin) and then call:
/usr/local/psa/bin/init_conf -u -passwd <password> -plain-password
now everything is in sync and the shadow file is unencrypted.
IMHO this encryption is totally nonsense because it`s only security-by-obscurity.
Cost me 4 hours and a headache...

 

[Dx3webs]

+1

what a pain!

I was trying to use automysqlbackup but it would not accept my pass or 'cat /etc/psa/.psa.shadow' however, following the advice below I used the hash from "cat /etc/psa/.psa.shadow && echo" and this worked fine..

i can log into plesk using the normal password however, mysql -u admin -p will only accept the hash value..

I dont think this is how it is meat to work...

 

[JohannD]

It is now October 2012, and Plesk now has the version 11+, and seemingly this problem has still not been addressed. So, as I understand it, for Parallels it is a 'feature' and not a 'bug'

I personally like the workaround provided by pixeljunkie (2012-01-19 13:46):

/usr/local/psa/bin/init_conf -u -passwd 'some_password' -plain-password

This will save the password 'some_password' in plain text in the file /etc/psa/.psa.shadow, as well as synchronizing the 'admin' password in mysql. Thus it is possible to use the same password for the web-interface of Plesk-Penal and for the mysql admin login. Just make sure the linux server's root password is not the same as the Plesk password, as this will be in plain text in the file /etc/psa/.psa.shadow

Alternate workaround: log in to mysql as 'admin' using the encrypted 'admin' password from /etc/psa/.psa.shadow (the whole string).

Then recreate the mysql root user originally removed by Plesk:

mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY 'some_password' WITH GRANT OPTION;

Thereafter you can again log in to mysql as 'root', and don't need to change anything with Plesk.

 

[abdi]

http://kb.parallels.com/en/112492