1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Plesk11 new password system issues

Discussion in 'Plesk 11.x for Linux' started by falcon7, Sep 16, 2012.

  1. falcon7

    falcon7 New Pleskian

    22
    57%
    Joined:
    Jul 1, 2002
    Messages:
    10
    Likes Received:
    0
    In earlier versions of Plesk, the admin password was stored as clear-text in a file in /etc/psa. They finally fixed that hole, and the password is stored encrypted. This is a very good thing. In any scripts (like database backup scripts) that need to use that password for access to mysql, where in the old days you would have:
    `cat /etc/psa/.psa.shadow`
    You now can replace that with:
    `/usr/local/psa/bin/admin --show-password`

    Fine, this all sounds good. However I've run into a strange issue: the admin password stored
    by the system and revealed through this command doesn't work with mysql directly.

    Example:
    % /usr/local/psa/bin/admin --show-password
    <mypassword>
    % mysql -uadmin -p
    Enter password: <mypassword>
    ERROR 1045 (28000): Access denied for user 'admin'@'localhost' (using password: YES)

    This is very annoying, since this breaks my backup scripts, and one needs occassionally to do admin type work in Mysql. Anyone know how to access Mysql in the new password system?
     
  2. paulieG

    paulieG Regular Pleskian

    25
     
    Joined:
    Mar 5, 2009
    Messages:
    164
    Likes Received:
    0
    Location:
    Lancaster
    Hi,

    I'm afraid you are incorrect, the MySQL admin password is the same as it ever was, the contents of /etc/psa/.psa.shadow. Your scripts should not need any changes.

    I'd point you to the relevant KB article but I can't find it right now, just try your script unchanged and it should work fine (does for us).

    Paul.
     
  3. falcon7

    falcon7 New Pleskian

    22
    57%
    Joined:
    Jul 1, 2002
    Messages:
    10
    Likes Received:
    0
    # cat /etc/psa/.psa.shadow
    $AES-128-CBC$yGg1y7HQvv0sZXNaSwGWvg==$Ho4j1xxe2ECx736JtV9WPw==

    so, the text at that location is now encrypted
    Yet, the following works! Very interesting!

    # mysql -uadmin -p`cat /etc/psa/.psa.shadow`
    Welcome to the MySQL monitor. Commands end with ; or \g.
    Your MySQL connection id is 2856
    Server version: 5.1.63-0+squeeze1 (Debian)
    ...

    mysql>



    Is this some new way of communicating the password to Mysql?
     
  4. LarsenD

    LarsenD Regular Pleskian

    22
    23%
    Joined:
    Apr 12, 2011
    Messages:
    131
    Likes Received:
    1
    Hi,

    this isn´t a new way. Although it looks like MySQL is given an encrypted password, it´s not. The string you see in the .psa.shadow IS the password. So, the MySQL password is really stored unencrypted, but you cannot get the Plesk admin password from that anymore.
     
  5. abdi

    abdi Platinum Pleskian

    31
    18%
    Joined:
    May 14, 2006
    Messages:
    2,913
    Likes Received:
    60
    and by the way take note that in the new password stored in /etc/psa/.psa.shadow has a SPACE in it. If you are calling it in any of your php scripts, please wrap it under single quotes '$AES-128-CBC$yGg1y7HQvv0sZXNaSwGWvg==$Ho4j1xxe2ECx736JtV9WP w==' otherwise you will end-up into problems ...
     
  6. Nikolay.

    Nikolay. Silver Pleskian

    17
    35%
    Joined:
    Jul 1, 2012
    Messages:
    844
    Likes Received:
    2
    There can't be a space inside the encrypted password. Though the advice to quote it with single quotes is correct. Anyway, it would be better to just use -p`cat /etc/psa/.psa.shadow` if possible to avoid storing password in multiple places.
     
  7. abdi

    abdi Platinum Pleskian

    31
    18%
    Joined:
    May 14, 2006
    Messages:
    2,913
    Likes Received:
    60
    Nikolay, there was a space in the early versions of Plesk 11. I just didn't realize that they have removed it with recent MUs.
     
Loading...