If for some reason PAM authentication is not working on a system where
CipherMail is installed using the deb or RPMS, you can add a default
admin by executing some SQL queries
For MySQL/MariaDB:
Login to the database (default password is: djigzo):
mysql -u djigzo -h 127.0.0.1 -p djigzo
The following SQL queries will insert an admin account with
username: admin
password: admin
insert into cm_admin (cm_built_in, cm_enabled, cm_password,
cm_password_encoding, cm_salt, cm_username) values (false, true,
'admin', 0, '', 'admin');
insert into cm_admin_cm_authorities (cm_admin, cm_authorities) values
((select cm_id from cm_admin where cm_username='admin'), (select cm_id
from cm_authority where cm_role='ROLE_LOGIN'));
insert into cm_admin_cm_authorities (cm_admin, cm_authorities) values
((select cm_id from cm_admin where cm_username='admin'), (select cm_id
from cm_authority where cm_role='ROLE_ADMIN'));
For PostgreSQL, change the names of the tables/columns
Kind regards,
Martijn Brinkers
On Wed, 2021-10-27 at 11:51 +0200, Martijn Brinkers via Users wrote:
> On Tue, 2021-10-26 at 06:24 +0000, birger.kraegelin--- via Users
> wrote:
> > I installed a brand new CipherMail 5.0.4 VM from OVA.
> >
> > Console login works, configuring network works, looking around in
> > bash looks quite good.
> >
> > When accessing https:/<<my-ip-address>> and logging in with admin
> > and
> > default PW, I get a "Login failed".
> > In /var/log/ciphermail-gateway-backend.log I see error mesages
> > (shortened):
> > INFO Application {
> > http://ws.djigzo.com}PAM#{http://ws.djigzo.application.mitm/}authenticate
> > has thrown exception
> > WARN [Admin Login] Authentication failure: Bad credentials,
> > Source:
> > --- Principal: admin; Credentials: [PROTECTED]; Authenticated:
> > false; --- Not granted any authorities
> >
> > I already did a reset of the admin passwd according to "Forgot GUI
> > admin password" foind in documentation.
> >
> > Where is my mistake? How can I access the admin pages?
>
> Unfortunately this is a regression :(
>
> When you apply on the admin page, PAM auth will be disabled :(
>
> You can re-enable PAM from the command line
>
> Enable PAM:
>
> java -cp "/usr/share/djigzo/lib/*" \
> mitm.application.djigzo.tools.CLITool \
> --global --set-property pam.enabled \
> --value true
>
> Read PAM enabled status:
>
> java -cp "/usr/share/djigzo/lib/*" \
> mitm.application.djigzo.tools.CLITool \
> --global --get-property pam.enabled
>
> This will be fixed on the upcoming release.
>
> Kind regards,
>
> Martijn Brinkers
>
--
CipherMail email encryption
Email encryption with support for S/MIME,
OpenPGP, PDF Messenger and Webmail Messenger
