Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-1513

When HTTP auth is used zabbix resets user password to "zabbix" when changing user settings

    XMLWordPrintable

Details

    • Incident report
    • Resolution: Fixed
    • Major
    • 1.8.2, 1.9.0 (alpha)
    • 1.8, 1.9.0 (alpha)
    • Frontend (F)
    • None

    Description

      When zabbix has been set to use HTTP auth if any modifications are made to user in users.php zabbix resets the password in database for that user to 'zabbix'. This is very annoying when using http auth and mod_auth_mysql with zabbix database. The reason for this seems to be this part in users.php:

      if(($config['authentication_type'] != ZBX_AUTH_INTERNAL) && zbx_empty($_REQUEST['password1'])){
      if(($config['authentication_type'] == ZBX_AUTH_LDAP) && isset($_REQUEST['userid'])){
      if(GROUP_GUI_ACCESS_INTERNAL != get_user_auth($_REQUEST['userid']))

      { // $_REQUEST['password1'] = $_REQUEST['password2'] = 'zabbix'; }

      }
      else

      { $_REQUEST['password1'] = $_REQUEST['password2'] = 'zabbix'; }

      Commenting out the else{} removes changing of password and issue is solved.

      As a side note would be nice if password could be changed even when using other than internal authentication. This can be done with replacing the following line in include/forms.php
      if(ZBX_AUTH_INTERNAL == $auth_type){
      with
      if(ZBX_AUTH_INTERNAL == $auth_type || ZBX_AUTH_HTTP == $auth_type){

      Attachments

        Activity

          People

            Unassigned Unassigned
            hnsk Hannu Ylitalo
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: