phpMyAdmin setup does not recognize its own passwod

Question

So, I'm trying to setup phpMyAdmin on my new server, but I cannot enter the setup because im prompted with a .htaccess password messagebox which expects a username/password.

The apache.conf in the /etc/phpmyadmin folder looks like this:

# phpMyAdmin default Apache configuration

Alias /phpmyadmin /usr/share/phpmyadmin

   <Directory /usr/share/phpmyadmin>
    Options FollowSymLinks
    DirectoryIndex index.php

    <IfModule mod_php5.c>
        <IfModule mod_mime.c>
            AddType application/x-httpd-php .php
        </IfModule>
        <FilesMatch ".+\.php$">
            SetHandler application/x-httpd-php
        </FilesMatch>

        php_flag magic_quotes_gpc Off
        php_flag track_vars On
        php_flag register_globals Off
        php_admin_flag allow_url_fopen Off
        php_value include_path .
        php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
        php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext/:/usr/share/javascript/:/usr/share/php/tcpdf/
    </IfModule>
</Directory>

# Authorize for setup
<Directory /usr/share/phpmyadmin/setup>
    <IfModule mod_authz_core.c>
        <IfModule mod_authn_file.c>
           AuthType Basic
           AuthName "phpMyAdmin Setup"
           AuthUserFile /etc/phpmyadmin/htpasswd.setup
        </IfModule>
        Require valid-user
    </IfModule>
</Directory>

I have already checked the htpasswd.setup file, which says:

admin:*

However, when I enter admin and leave the password field blank, the server rejects me. The apache2 error.log says:

[Fri Mar 04 12:07:05.812975 2016] [auth_basic:error] [pid 3449] [client 95.112.247.64:50581] AH01617: user admin: authentication failure for "/phpmyadmin/setup": Password Mismatch

Did I do anything wrong previously? Because this does not make sense to me at all.

Answer 1

You appear to have installed phpMyAdmin from your distribution's packaged version, so something went wrong on installation. As Lelio Faieta indicated, this isn't directly from phpMyAdmin, it's a protection your package maintainer has implemented, so you probably should seek support directly from your distribution.

First try reinstalling/reconfiguring.

With Debian/Ubuntu: dpkg-reconfigure --plow phpmyadmin CentOS doesn't seem to have a reconfigure option.

If that fails, I don't anticipate any reason you couldn't just reset the password. Unlike, for instance, the control user or the system database user, the username/password isn't (likely to be) used anywhere else so you can (should be able to safely) change the password:

sudo htpasswd /etc/phpmyadmin/htpasswd.setup admin

Or even better, I'd personally add a new account and forget about 'admin':

sudo htpasswd /etc/phpmyadmin/htpasswd.setup yunowork

Although technically this might leave you vulnerable if someone else knows the admin password, but I imagine your distribution generated a password, plus running the setup script is not the same as having database access anyway. So you're extremely likely to be fine either way.