• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Plesk11 new password system issues

F

falcon7

New Pleskian
In earlier versions of Plesk, the admin password was stored as clear-text in a file in /etc/psa. They finally fixed that hole, and the password is stored encrypted. This is a very good thing. In any scripts (like database backup scripts) that need to use that password for access to mysql, where in the old days you would have:
`cat /etc/psa/.psa.shadow`
You now can replace that with:
`/usr/local/psa/bin/admin --show-password`

Fine, this all sounds good. However I've run into a strange issue: the admin password stored
by the system and revealed through this command doesn't work with mysql directly.

Example:
% /usr/local/psa/bin/admin --show-password
<mypassword>
% mysql -uadmin -p
Enter password: <mypassword>
ERROR 1045 (28000): Access denied for user 'admin'@'localhost' (using password: YES)

This is very annoying, since this breaks my backup scripts, and one needs occassionally to do admin type work in Mysql. Anyone know how to access Mysql in the new password system?
 
Hi,

I'm afraid you are incorrect, the MySQL admin password is the same as it ever was, the contents of /etc/psa/.psa.shadow. Your scripts should not need any changes.

I'd point you to the relevant KB article but I can't find it right now, just try your script unchanged and it should work fine (does for us).

Paul.
 
# cat /etc/psa/.psa.shadow
$AES-128-CBC$yGg1y7HQvv0sZXNaSwGWvg==$Ho4j1xxe2ECx736JtV9WPw==

so, the text at that location is now encrypted
Yet, the following works! Very interesting!

# mysql -uadmin -p`cat /etc/psa/.psa.shadow`
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2856
Server version: 5.1.63-0+squeeze1 (Debian)
...

mysql>



Is this some new way of communicating the password to Mysql?
 
Hi,

this isn´t a new way. Although it looks like MySQL is given an encrypted password, it´s not. The string you see in the .psa.shadow IS the password. So, the MySQL password is really stored unencrypted, but you cannot get the Plesk admin password from that anymore.
 
and by the way take note that in the new password stored in /etc/psa/.psa.shadow has a SPACE in it. If you are calling it in any of your php scripts, please wrap it under single quotes '$AES-128-CBC$yGg1y7HQvv0sZXNaSwGWvg==$Ho4j1xxe2ECx736JtV9WP w==' otherwise you will end-up into problems ...
 
abdi said:
and by the way take note that in the new password stored in /etc/psa/.psa.shadow has a SPACE in it. If you are calling it in any of your php scripts, please wrap it under single quotes '$AES-128-CBC$yGg1y7HQvv0sZXNaSwGWvg==$Ho4j1xxe2ECx736JtV9WP w==' otherwise you will end-up into problems ...
Click to expand...

There can't be a space inside the encrypted password. Though the advice to quote it with single quotes is correct. Anyway, it would be better to just use -p`cat /etc/psa/.psa.shadow` if possible to avoid storing password in multiple places.
 
Nikolay, there was a space in the early versions of Plesk 11. I just didn't realize that they have removed it with recent MUs.
 
You must log in or register to reply here.

Similar threads

P
Forwarded to devs Plesk Migrator does not copy databases from DirectAdmin
Replies
4
Views
2K
Peter Debik
P
Amadex
Resolved Problems with MariaDB update on CloudLinux 8
Replies
3
Views
2K
Nikolay
Nikolay
D
Issue Hello, I would like to login to my Plesk, however there is a problem that I cannot determine.
Replies
2
Views
4K
dakrueger
D
A
Issue issue with php pages
Replies
14
Views
2K
gulshan212
gulshan212
M
Resolved transvhosts.pl fails to update apache default DocumentRoot
Replies
16
Views
2K
Peter Debik
P
Back
Top