Sunday, October 4, 2009

Openfire Admin Login

How to change Openfire's admin login when using Windows Vista and an embedded database:
  1. Shut down Openfire
  2. As the Windows Administrator,

    C:\Program Files (x86)\Openfire\embedded-db\openfire.script

  3. Change the line that looks something like this

    INSERT INTO OFUSER VALUES('admin',NULL,'<hex string>', 'Administrator','admin','0','0')


    INSERT INTO OFUSER VALUES('admin','<new password>',NULL, 'Administrator','admin','0','0')

  4. Save the file, exit the editor
  5. Restart Openfire
Here are the same instructions in a more annoying format:

Maybe this is just me but...well...I'd actually rather not deal with that alternative so I'm assuming that this is Openfire's problem problem and not mine.

OK, so for the upteenth time*, I lost the admin password on my Openfire installation.  Openfire is like the most user friendly XMPP server out there...that I know of...and I know of like 2 others so this one must be really, like, user friendly.  Anyhow, so I lost my admin login...again...and I tried to figure out how I could change that password without having to reinstall Openfire.

This applies to the Windows installation with an embedded database.  If you are using a real operating system and a real database, you probably don't have this problem.  If you do then it's because of you...not me.**

At any rate, if you're really unfortunate (read, me), then you are running on the the very interesting and very secure operating system that is Microsoft Vista.  In that case, you may find that Openfire is squatting in the following directory:

C:\Program Files (x86)\Openfire

Yes, it uses that font rather than courier.  Really.

What's more, the embedded database lives in

C:\Program Files (x86)\Openfire\embedded-db

Note that Vista took out the blank in just about everywhere except for the programs directory.

This makes it more secure.

I mean, why else would they have done it?

At this point, a stand-up comic would make an observation about how they recently had a child and wait politely for the audience to applaud.  The idea is to get the audience on your side by a) pointing out that you recently had a child and b) that you have been without sleep and c) are running Microsoft Vista and d) are on the edge and e) that not applauding could very well push you over the edge and f) whatever.

Now then, the embedded database does everything in memory except that it loads everything at startup.  Actually, I'm not sure if that's what it does at all, but it looks that way; and, since I'm the sort of person who forgets their admin login at the drop of a hat, I'm obviously the sort of person that you should listen to.***

The file


Has the various logins and passwords for the system.  In a bold move to ensure security, the passwords are encrypted.  Or rather, there is a field for the users table that contains a field called "encryptedpassword."  There is another password called "plainpassword."  Except both fields do not contain a period in the name.  I hate punctuation.

Now I know what you're thinking: "HA HA!  I shall just change the field that says 'email' to the new password and then the system shall let me in!"  This is why I make $300 an hour and you don't.****

What you actually need to do is change the "plainpassword" to the new password, and then change the "encryptedpassword" to "NULL!"******.

Except it doesn't work.

This is because the very interesting and extremely secure operating system, Windows Vista, will not let you save the file to that directory!  Instead you have to use the extremely secure step of editing the file as the administrator.

OK, so you do all the above and it still doesn't work.   At this point, if you are like me, you are saying Why is this clown using italics so much******* In addition you would not******** think to edit this file after shutting down Openfire, since that program rewrites the startup file every time it shuts down.

And then, only then, after all this enjoyable fun, would you be able to log onto Openfire.

* = which is, by the way, not because of me.
** = this has been verified by  Which is affiliated with me.  So therefore it's probably not objective.
*** = if you believe this and have a lot of money to waste on consultants, please contact me.
**** = if you believe or even if you don't, but you are willing to pay this amount for at least a year and you don't expect to get anything useful out of it, please contact me.*****
***** = P.S. to the previous note, you are also required to actually have that much money and be willing to give it to me in advance before contacting me.
****** = except that you leave off the exclamation point.  See, there really is a reason to pay me lots of money.
******* = except you were probably able to spell "italics" correctly on the first try.  Teacher's pet.
******** = see points above about giving me lots of money.
********* = does anyone else actually read footnotes?