Possible to get cleartext password?

[FarhanT]

I have hosting service hosted on more than 20+ Plesk servers, version 11.
As in the previous versions, the passwords were not encrypted, then if i had to design some tools to manage the hosting accounts, i just picked up the cleartext passwords from the Database. but as now the passwords are encrypted, is there any way i can decrypt the passwords? through API or any other way so that i can integrate my php based hosting management with plesk 11?

Thanks
Farhan

 

[Christian_S]

Try turning off the Enhanced Security Mode:

http://download1.parallels.com/Ples...inistrator-guide/index.htm?fileName=71227.htm

Regards
Christian

 

[FarhanT]

i cannot see any option to disable enhanced mode

 

[Christian_S]

In the PSA mysql database look at misc table secure_passwords param.
Try setting it to false. I haven't tried it and don't know how a change will effect customers/domains/mail accounts already on the server.

See: http://forum.parallels.com/pda/index.php/t-260584.html

 

[Sergey L]

Existing passwords will stay encrypted even if the enhanced mode is disabled with this hack. It is recommended to change your API integration to Secret Keys. This way knowing password should be unnecessary.

 

[FarhanT]

@Sergey

Thanks for the information.
But i need to know that is it possible that i can manage the passwords through APIs? are there such APIs available?

Also, is there any possible way i can disable Enhance Security Mode?

I actually want to get the password for accounts in cleartext, so that i can use that password in my own PHP based plesk management tools.

What is the purpose of Secret keys, and how they can be helpful for me in my requirement?

Thanks

 

[abdi]

Farhan, if you already enabled enhanced mode then its already too late for you to ever again use clear text passwords. Even if you were able to disable enhanced mode still the passwords will stay encrypted!

Only a re-installation is the only way to revert back to clear text passwords AND only to new domains or data. BUT all previous data still stays with encrypted passwords.