Re: [cobalt-users] Help! forgot password of virtual site!

[Jeff Lasman <jblists@xxxxxxxxxxxxx>]

Alexander wrote:

> I forgot the password to the virtual site I created.

AFAIK, sites don't have passwords, users have passwords.

> Is there any way as the admin I can look for it somewhere?

Yes, user passwords are found in /etc/shadow (readable only by root).

Here's an example (I made this one up, so don't bother trying to crack
it):

wcwxv:v7IjIdbSXcVc.:11119:0:99999:7:::

The colons ( : ) are the field separators.  The first, leftmost field,
in this example "wcwxv", is the username, the password is encrypted,
represented by "v7IjIdbSXcVc.".  It's a one-way encryption, but there
are hacker programs out there.

> can some one elaborate?

Why don't you just give it another password.  Here's what we tell our
customers:  "Sorry, we don't save a record of your password.  What we
can do is install a new one for you; what password would you like?"

Then how do you suspend a site, you ask?  Simple on the RaQ3 and above;
you click on a checkbox in the gui.

On a RaQ2 and below it's a bit more complex; you insert an asterisk ( *
) at the beginning; i.e., "v7IjIdbSXcVc." becomes "*v7IjIdbSXcVc.". 
Since the algorithm doesn't use asterisks, this results in a password
that cannot be matched.  Time to unsuspend your client?  You just remove
the asterisk.

No need to start, restart or reboot anything.  Changes take place
immediately when you change the /etc/shadow file.

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
nobaloney.net
P. O. Box 52672
Riverside, CA  92517
voice: (909) 787-8589  *  fax: (909) 782-0205