If Parallels Plesk Panel (PP) is integrated with Customer & Business Manager (CBM), after I change admins on the "Change password" page, it is still possible to log in using the old password.
The same thing happens when I change the password using PP command-line utilities.
If PP is integrated with CBM, admin credentials are managed by the SSO module, and it is possible to log in to both the PP and CBM panels using the global SSO account password.
If you wish to change that password, you need to do it through the CBM interface. Otherwise, if, for example, the PP interface is used, the global SSO account password will remain unchanged, and will still be valid for logging in to the PP CPl. In addition, the connection between the Panel and Business Manager will be dropped.
In order to notify the PP administrator of such behavior, the following message is shown when trying to change the password through the PP web interface:
"Warning: You are about to change the local Administrator's password for the Panel. This will drop the connection between the Panel and Business Manager. Learn how to change the password to remain connected."
Link 'Learn how to...' pointed to non-existing URL, this behavior was fixed in Plesk Panel 11.0.9
The only correct way to change the PP password in the case of CBM integration is to do it through the CBM web interface. You can find more in our documentation.
PP providers may caution their PP administrators about the above behavior by changing the warning message as shown in the example below.
The message itself is contained in an unencrypted locale file,
/usr/local/psa/admin/plib/locales/en-US/common_messages_en-US.php, and can be easily modified, e.g.:
'billing_admin_password_change_warning' => 'You are about to change the local Administrator\'s password for the Panel. This will drop the connection between the Panel and Business Manager.</p><p><b><font color=\"ff0000\"><u>ATTENTION!</u> Changing Administrator\'s password here will not change Administrator\'s password in global account and login into Parallels Plesk Panel with old password will be still possible!</font></b></p>%1', 'billing_admin_password_change_warning_link' => 'Learn how to change the password to remain connected and secure.',