Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-1513

When HTTP auth is used zabbix resets user password to "zabbix" when changing user settings

    XMLWordPrintable

    Details

    • Type: Incident report
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.8, 1.9.0 (alpha)
    • Fix Version/s: 1.8.2, 1.9.0 (alpha)
    • Component/s: Frontend (F)
    • Labels:
      None

      Description

      When zabbix has been set to use HTTP auth if any modifications are made to user in users.php zabbix resets the password in database for that user to 'zabbix'. This is very annoying when using http auth and mod_auth_mysql with zabbix database. The reason for this seems to be this part in users.php:

      if(($config['authentication_type'] != ZBX_AUTH_INTERNAL) && zbx_empty($_REQUEST['password1'])){
      if(($config['authentication_type'] == ZBX_AUTH_LDAP) && isset($_REQUEST['userid'])){
      if(GROUP_GUI_ACCESS_INTERNAL != get_user_auth($_REQUEST['userid']))

      { // $_REQUEST['password1'] = $_REQUEST['password2'] = 'zabbix'; }

      }
      else

      { $_REQUEST['password1'] = $_REQUEST['password2'] = 'zabbix'; }

      Commenting out the else{} removes changing of password and issue is solved.

      As a side note would be nice if password could be changed even when using other than internal authentication. This can be done with replacing the following line in include/forms.php
      if(ZBX_AUTH_INTERNAL == $auth_type){
      with
      if(ZBX_AUTH_INTERNAL == $auth_type || ZBX_AUTH_HTTP == $auth_type){

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            hnsk Hannu Ylitalo
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: