Where does Webmin stores its passwords?

Question

I am trying to figure out where does Webmin store its passwords on a fedora machine ? Is it stored hashed ? or plain text and where ?

I have tried to search all the system files and Webmin but no luck !

Thanks in advance

MattBianco · Answer 1 · 2014-10-21T10:57:38.027

5

Both the other answers are wrong, at least if the question is about the users of webmin itself. Default (Webmin 1.710) is to allow only webmin users to log in to webmin, with root as the initial only existing user, and shadow authentication for root only.

The webmin user database is stored in /etc/webmin/miniserv.users with traditional unix style contents.

edited Oct 21 '14 at 10:57

answered Oct 21 '14 at 10:52

MattBianco

1,501
2
20
30

score 3 · Answer 2 · answered Oct 14 '13 at 18:15

3

I think it keeps a plaintext copy of the passwords in the /etc/webmin/virtual-server/plainpass dir.

answered Oct 14 '13 at 18:15

Rahul Tripathi

168,305
31
280
331

Ilia Ross · Accepted Answer · 2022-04-04T17:52:21.803

2

By default Webmin is using /etc/shadow file for authentication.

In case Webmin is setup to use password authentication, on Webmin ⇾ Webmin Configuration: Edit Webmin User page, it will also store hashed passwords (i.e. in /etc/webmin/miniserv.users file) based on hashing format defined on Webmin ⇾ Webmin Configuration: Authentication page.

Either way, the passwords for authentication stored by Webmin are always hashed!

edited Apr 04 '22 at 17:52

answered Oct 14 '13 at 18:39

Ilia Ross

13,086
11
53
88

That is not really correct. Passwords are not encrypted... – user1156544 Apr 03 '22 at 16:21
1

Thanks, I have completely re-edited my initial answer. It has been a long time! – Ilia Ross Apr 04 '22 at 17:53

Where does Webmin stores its passwords?

3 Answers3