Where can i find the passwords of users?
-
hi,
i have few administrators of my network that also access my pfsense and do changes when im not at office. i have allowed them to add more users in captive portal, but problem is i want to know the passwords of the users added by other admins. and i wanna know passwords because currently im using pfSense 1.2.3-RC1 and im willing to upgrade it to latest version soon. so i wanna save all passwords to somewhere else than the server.
and secondly when a user forgets his/her password i want see and give them their passwords.
please let me know how can i know the passwords of users.thanks.
edit by gruensfroeschli: please stop using unnecessary colorful text. We all can perfectly read normal text ;)
-
You can download the config.xml file (in /conf/config.xml) and copy the captive portal relevant part over to the new setup.
Or just go to "Diagnostics" –> "Backup/Restore" and select in the dropdown "captive portal".
On the new setup you then can restore this part. -
You can download the config.xml file (in /conf/config.xml) and copy the captive portal relevant part over to the new setup.
how can i download this file to other pc that is connected to pfsense using gui?
Or just go to "Diagnostics" –> "Backup/Restore" and select in the dropdown "captive portal".
On the new setup you then can restore this part.its a good idea, but i think if i backup everything of my pfsense 1.2.3 RC1 now and when i'll upgrade to latest version will that backup still be usable?
-
Yes it should still be usable.
Diagnostic –> Command Prompt --> Download - File to download:
-
I've downloaded the xml file. but is shows password in coding language???
like this is a user name and password i can see<user><name>MrLOVER</name>
<fullname>MrLOVER</fullname>
<expirationdate>11/18/2010</expirationdate>
<password>2804890a4b43e24d922447ddaaad3b2a</password></user>did you see? the password field is "2804890a4b43e24d922447ddaaad3b2a" like this.
how can i know what is the password? -
Well that IS the password (or at least the hash of it).
There is not more stored. Nowhere.
This is all you need.
If you copy this to the new setup it will work. -
ok thanks it will help me to restore all users.
but i still wanna know…
what does that hash language called? is there any software that can convert that language into simple? -
The passwords are never stored in cleartext.
Imagine, someone gains access to your pfSense and then has all passwords.In a secure design, you don't store the passwords directly.
You build a hash over the password (usually md5) (more info on this here http://en.wikipedia.org/wiki/MD5 )
and then store this hash.
It's not possible to find out what the password was out of this hash.Now if you request from an user a password, the user enters it's password, build a hash over this entered password, and compare it with your stored hash. If they match the user entered the correct password.
So the system doesn't actually compare the passwords you enter, but the hash out of it.
-
The passwords are never stored in cleartext.
Imagine, someone gains access to your pfSense and then has all passwords.In a secure design, you don't store the passwords directly.
You build a hash over the password (usually md5) (more info on this here http://en.wikipedia.org/wiki/MD5 )
and then store this hash.
It's not possible to find out what the password was out of this hash.Now if you request from an user a password, the user enters it's password, build a hash over this entered password, and compare it with your stored hash. If they match the user entered the correct password.
So the system doesn't actually compare the passwords you enter, but the hash out of it.
thats a very good thing, i didn't know this before.
i have one last question regarding this topic and that is…
i have downloaded xml file that has all user names and their password hashes. now when i want to restore them to my newly installed server. should i just upload this xml file and replace the existing file on server? if yes then how can i upload? i mean should i use the diagnostic -> command -> upload file option? if yes then will it ask me to replace it or will it replace it?
or is there any other way where i can upload and replace the server xml file?thanks a lot in advance :)
-
I wouldn't bother with extracting the relevant part out of the config.xml manually.
Just go to
Diagnostics –> Backup/Restore --> Backup configuration
and select "Captive Portal" from the dropdownlist.
This automatically downloads everything you need.To restore this go to
Diagnostics --> Backup/Restore --> Restore configuration
select Captive Portal from the dropdown and upload the file you download before. -
I wouldn't bother with extracting the relevant part out of the config.xml manually.
Just go to
Diagnostics –> Backup/Restore --> Backup configuration
and select "Captive Portal" from the dropdownlist.
This automatically downloads everything you need.To restore this go to
Diagnostics --> Backup/Restore --> Restore configuration
select Captive Portal from the dropdown and upload the file you download before.thats what i want. its resolved now.
and thanks for your great help.
i love pfsense :)
