Unable to reset admin password for Icinga web interface using MySQL

kalaniakahi · January 3, 2024, 2:06am

Following human error in my password manager app, I’m no longer able to login to the administrator account for my Icinga Web 2 interface (lost password). This is also the only Icinga Web user account I have.

Since my web interface uses the icingaweb2 database for authentication, I’m trying to reset the admin password directly in MySQL using the following recommendation from this post:

Generated hash for new password:

openssl passwd -1 -salt 10 i_want_this_as_password
Output:
$1$10$dICVmz55eGloV8kHzSm9x.

Updated admin user’s password hash in MySQL:

mysql> use icingaweb2;
mysql> UPDATE icingaweb_user SET password_hash=‘$1$10$dICVmz55eGloV8kHzSm9x.’ WHERE name = ‘my_admin_account’;

Then ran the following to verify the change:

mysql> select * from icingaweb_user where name = ‘my_admin_account’;

Attempted to login to web interface using new password, but received “incorrect username or password” error.

I triple checked that the hash generated by openssl is the same entered in MySQL. Am I missing something?

Thanks.

Icinga Web 2 version: 2.9.5
Web browser used: Chrome
Icinga 2 version used: 2.13.2-1
PHP version used: 7.3.29
Server operating system and version: CentOS 7

nilmerg · January 8, 2024, 8:32am

Please hash the password as described in the documentation. With openssl on the commandline, there’s no guarantee it will work.

kalaniakahi · January 8, 2024, 11:59pm

Unfortunately, I previously attempted to hash the new password per the documentation with no luck.

Running php -r 'echo password_hash("yourtopsecretpassword", PASSWORD_DEFAULT);' throws an error.

-bash: php: command not found

I’m running rh-php73-php-fpm v7.3.29

homerjay · January 9, 2024, 9:22am

Hi.

Just a short note:

Execute the commands on the machine with icingaweb2, php should be installed there.
Probably, you have to use the full path to php, e.g. : /usr/bin/php

Use:

type php

to get the full path to the php executable.

Greetings,
Homerjay

kalaniakahi · January 11, 2024, 7:40pm

I changed to the directory php is located (usr/bin/php) and tried to run php -r 'echo password_hash("yourtopsecretpassword", PASSWORD_DEFAULT);' but receive the same error.

-bash: php: command not found

homerjay · January 17, 2024, 9:52am

Hi.

Try:

/usr/bin/php -r 'echo password_hash("yourtopsecretpassword", PASSWORD_DEFAULT);'

Greetings,
HomerJay

gryphon85 · January 17, 2024, 10:35am

I searched my notes and found an entry where I tried the same.

Here I only used openssl passwd -1 "geheimespasswort" without the -salt 10 attribute.

If you can’t change the password of your icinga web administrator you can create a new user:

INSERT INTO icingaweb_user (name, active, password_hash) VALUES ('icingaadmin', 1, '<hash>');

kalaniakahi · January 17, 2024, 7:34pm

Running /usr/bin/php -r 'echo password_hash("yourtopsecretpassword", PASSWORD_DEFAULT);' results in

-bash: usr/bin/php: Is a directory

kalaniakahi · January 17, 2024, 7:54pm

Creating a new user and giving them admin privileges was the only thing that worked. Thanks!