Passwords wont set?

[beybyexampp]

Hi there. I have just started using uniserver and it worked great in our test environment!

 

i had a small problem when moving to production today. It seems that i can set the mysql password OK, but i cannot set any of the other passwords.

I have commented out the 4 lines in the ht access files and restarted apache. still no dice. It keeps asking me to set these passwords, i set it, it confirms that i have set it, and then right back to the beginning saying i am insecure and need to set passwords.

 

also i am not prompted to enter a password when logging on to apanel.

I have checked externally, and SITENAME/apanel returns a 404, so it is locked down OK based probably on apache directory security.

 

i do want to set a password so that people on the internal network must authenticate.

i have also added 'allow from 10' in the ht access files, so that i can admin the server from my local subnet.

 

any ideas? any way to set these passwords manually with a text editor?

let me know thanks!

i get the following when going to apanel/home

 

* Change the username/password for the Admin Panel here
* Change the username/password for the server here
* Change the username/password for the SSL server here
* Run the Security Console and see if everything is OK.

 

any help appreciated! thanks.

 

also i should note that the machine has two IP addresses, if that matters. really the only difference between dev and live. i set the ip in the httpd.conf (changed from localhost).

[Ric]

You have not stated what version of US you are using!

 

However in all versions, location of .htaccess/password files are as follows:

 

Apanel:

UniServer\home\admin\www\.htaccess

UniServer\htpasswd\home\admin\www\.htpasswd

 

SSL Root:

UniServer\ssl\.htaccess

UniServer\htpasswd\ssl\.htpasswd

 

WWW Root

UniServer\www\.htaccess

UniServer\htpasswd\www\.htpasswd

 

Content of password files have the following format:

Name:password

 

In each .htacces file remove the hash to enable authentication.

For example change this

#AuthName "Uniform Server - Secure Server Access"

#AuthType Basic

#AuthUserFile ../../../htpasswd/ssl/.htpasswd

#Require valid-user

To:

AuthName "Uniform Server - Secure Server Access"

AuthType Basic

AuthUserFile ../../../htpasswd/ssl/.htpasswd

Require valid-user

 

All the best

Ric

[beybyexampp]

Yes i just upgraded and still have this issue.

 

 

I can successfully change the contents of those files, but apanel still tells me they are not configured. annoying!

 

Any idea how i prevent apanel from giving me security alerts about my already configured passwords?

[BobS]

Sorry, still missing some info, like what version (by number, like 7.0.1) and what OS (XP. Vista, 7). It's hard to take a shot in the dark, as Ric noted.

Regards,

BobS

[beybyexampp]

version of uniserver is 5.7.5 . OS is windows 2003 server.

 

 

sorry didnt think it relevant!

[Znote]

Windows 2003 64bit seem to have this problem. I can not reproduce it on 32bit. I assume there is some problems with uniserv having permission to check and modify these files. However if .htaccess and htpasswd is modified to your liking they should be secure. Even thought apanel notifies you they are unprotected.

 

Also uniform server should be pretty secure by default. What you need to do is to avoid "config" based phpmyadmin, change it over to cookie. (And give root and pma a password) People outside localhost or 127.0.0.1 does not have default permission into your apanel or mysql web-based client. (phpmyadmin).

 

And you can modify .htaccess to only allow your global IP address. Else just keep it secure, and enter the computer with remote desktop and connect from localhost.