Skip navigation
153570 Views 25 Replies Latest reply: Nov 22, 2013 1:26 AM by Mohsin Raza RSS Branched to a new discussion.
Bronze 10 posts since
Jul 2, 2006
Currently Being Moderated

Sep 15, 2008 5:41 AM

Openfire admin password



I have a small problem, my openfire server has been running so well that I haven't needed to administer it for a while and have forgotten the admin password. This would be fine if I was using MySql as it would be easy to fix, but I have used the built in database.


Would someone be able to give me a simple howto on how to reset this password.


Many Thanks

  • Silver 58 posts since
    Sep 3, 2008
    Currently Being Moderated
    Sep 15, 2008 8:51 AM (in response to Chris O)
    Re: Openfire admin password

    Find the sparkweb.xml file in the Conf directory, open it in your favorite text editor and place the following:




    Where "joe" is any user you want to use as the admin. This will allow you to login with an account you know.


    If this doesn't work, open the same sparkweb.xml file, find the entry near the bottom that says <setup>true</setup> and change it to false.

    Stop and start the service, open the admin console and you will be prompted to begin the setup again. You previous settings will be saved and you can press "save & continue" for most settings. When it asks for the admin account, fix it there.

    • Daryl Herzmann KeyContributor 1,526 posts since
      Mar 12, 2005
      Currently Being Moderated
      Sep 15, 2008 10:54 AM (in response to Chris O)
      Re: Openfire admin password


      I am not well versed with the embedded database, but I believe in the embeded-db folder, there is a openfire.script file, which contains the SQL commands for your database.  If you open it up with a text editor and search for a line containing admin and ofUser, you may find your password in plain text there.



  • old_salt Bronze 5 posts since
    Sep 15, 2008
    Currently Being Moderated
    Sep 15, 2008 11:03 AM (in response to Chris O)
    Re: Openfire admin password

    I too am unable to access the web admin console. What happened to this feature compared to the older versions?


    I don't have the admin info listed in my openfire.xml file. any other ideas? Yes I am running the latest version. Just downloaded a couple days ago and set this up.




  • Bronze 51 posts since
    Jun 24, 2008
    Currently Being Moderated
    Sep 15, 2008 12:20 PM (in response to Chris O)
    Re: Openfire admin password

    With 3.6.0a, is it possible to add another authorized user to the openfire.xml file and have that new authorized user get sucked in to the database with a restart of openfire? (if it is, you could do that, get in and then start adjust admin user/passwords as needed).

    • Silver 58 posts since
      Sep 3, 2008
      Currently Being Moderated
      Sep 15, 2008 12:41 PM (in response to rculpepper)
      Re: Openfire admin password

      As stated before, edit the conf/openfire.xml file with the red text...


      <!-- root element, all properties must be under this element -->
          <!-- Disable either port by setting the value to -1 --> 


      This will REPLACE the existing admin account.

      Once you get into the Admin console, you can edit the Server Properties and change the admin account, or add another with a comma separator.


      I have done this several times with 3.6.0a...

      • Bronze 2 posts since
        Apr 7, 2009
        Currently Being Moderated
        Apr 7, 2009 8:15 PM (in response to Oxymoron)
        Re: Openfire admin password



        This worked for me. Like many others I seem to have an Openfire server that keeps forgetting passwords.


        version 6.3.6, about 3 days old. Not too impressed.

      • istong Bronze 4 posts since
        Aug 5, 2009
        Currently Being Moderated
        Aug 5, 2009 10:18 AM (in response to Oxymoron)
        Re: Openfire admin password



        I tried that on my 3.6.0a server and then went to the admin gui and typed jimuser with no password and it didn't let me in.  (I copied and pasted your text and then stopped and started openfire).   We use ldap integration with AD normally so is it possible this didn't work because it still tried to use ldap/ad for authentication?   I'm basically looking for a way to get into the admin gui when the ldap/ad piece is hosed up so I can reconfigure to get it working.




        • Jim Davis Bronze 6 posts since
          Sep 30, 2009
          Currently Being Moderated
          Oct 2, 2009 9:54 AM (in response to istong)
          Re: Openfire admin password

          Been there, done that many times. If you brick your ldap configured server, you can't just add an admin account to the openfire.xml to get access. If your ldap stuff is horqued, then it will not find the user you added to the xml file.


          The only recourse is to change the <setup>true</setup> to false and restart your server. Reconnect and run through mr wizzard again.



  • Ruben Bronze 2 posts since
    Sep 1, 2010
    Currently Being Moderated
    Sep 1, 2010 1:31 PM (in response to Chris O)
    Re: Openfire admin password

    Helo Everyone,


    I just installed Openfire for the first time.  We have a Red Hat server, so I went with the openfire-3.6.4-1.i386.rpm.  It installed fine with no errors.  It started fine.  I went to the browser interface and configured it fine.  I chose to use the embedded database and default group system.  However, when I went to log in it told me that my username or password were incorrect.  I have tried the solutions offered on this thread and none of them have worked.


    Interestingly, when I tried to run the embedded viewer I got this error:


    <root@server> sh
    Starting embedded database viewer...
    Exception in thread "main" java.lang.NoClassDefFoundError: org.hsqldb.util.DatabaseManagerSwing
    Caused by: java.lang.ClassNotFoundException: org.hsqldb.util.DatabaseManagerSwing not found in gnu.gcj.runtime.SystemClassLoader{urls=[], parent=gnu.gcj.runtime.ExtensionClassLoader{urls=[], parent=null}}
       at gnu.gcj.runtime.SystemClassLoader.findClass(
       at java.lang.ClassLoader.loadClass(
       at java.lang.ClassLoader.loadClass(


    I made sure that I have gcc-java installed (4.1.2-48).  Is there something else I need?  Is my whole setup broken?

    • LG KeyContributor 6,395 posts since
      Dec 13, 2005
      Currently Being Moderated
      Sep 1, 2010 1:41 PM (in response to Ruben)
      Re: Openfire admin password may help.


      <root@server> sh

      interesting, I would not start a java application as root

      The error "Caused by: java.lang.ClassNotFoundException: org.hsqldb.util.DatabaseManagerSwing not found" indeicates that a ".class" or ."jar" file is missing to start the db viewer application, so it's sad that you can't start it but it does not hurt. Your database is so small right now, you can even view and edit it with "vi" (while Openfire is not running) if you want.



  • Elder Flores Salas Bronze 1 posts since
    Sep 13, 2010
    Currently Being Moderated
    Sep 13, 2010 6:55 AM (in response to Chris O)
    Re: Openfire admin password

    I openfire.xml appears in the administrator name ... I add it?


    That is what I get in my openfire.xml



      <?xml  version="1.0" encoding="UTF-8" ?>
    - <!--
        This file stores bootstrap properties needed by Openfire.
        Property names must be in the format: ""
        That will be stored as:
        Most properties are stored in the Openfire database. A
        property viewer and editor is included in the admin console.
    - <!--
     root element, all properties must be under this element 
    - <jive>
    - <adminConsole>
    - <!--
     Disable either port by setting the value to -1 
    - <!--
     Network settings. By default, Openfire will bind to all network interfaces.
          Alternatively, you can specify a specific network interfaces that the server
          will listen on. For example, This setting is generally only useful
           on multi-homed servers. 
    - <!--
    - <connectionProvider>
  • MIssterX Bronze 3 posts since
    Oct 9, 2010
    Currently Being Moderated
    Oct 9, 2010 5:22 AM (in response to Chris O)
    Re: Openfire admin password

    Strange... I could not log in to Admin Console even after your suggestions.


    I'm using WAMP on localhost so I did this:

    1) Opened "openfire" database in PHPMyAdmin

    2) Opened "ofuser" table

    3) Found (at install time generated user) "admin"

    4) Edited cell in column (at install time created) "plainPassword"

    4a) New password was entered

    5) Login was successfull [username: admin / password: see 4a)]


    Please do file a bug-report on this one.



    Since I'm running on localhost I do not have any certificates installed that should break the functionallity - or?

  • church Silver 218 posts since
    Feb 20, 2010
    Currently Being Moderated
    Jun 7, 2011 2:01 PM (in response to Chris O)
    Openfire admin password

    I found out that if you do not have openfire tied to AD, then the default login is "admin" and the password you entered during setup. By default is has nothing to do with the email address you entered at setup - like you'd think it would. This is still on Openfire 3.7

  • gauss Bronze 1 posts since
    Jul 18, 2013
    Currently Being Moderated
    Jul 18, 2013 1:37 AM (in response to Chris O)
    Re: Openfire admin password

    If you can access the database, please open the table named ofproperty, then find out the record

    "admin.authorizedJIDs" and its propvalue is "admin@gauss-pc".


    That means only admin can login the admin panel.


    So you can add another jid(make sure you know its password )  in it,  For example "admin@gauss-pc,test1@gauss-pc".


    Restart openfire service,


    Login in admin panel via the account which you just added.

  • Mohsin Raza Bronze 1 posts since
    Nov 21, 2013
    Currently Being Moderated
    Nov 22, 2013 1:26 AM (in response to Chris O)
    Re: Openfire admin password

    this method will work for External Database (i.e. Mysql).

    I was using openfire with external Mysql database and forgot the admin password


    then I followed these steps to successfully reset my passwrod:


    1. used OpenFire Blowfish Class for password encryption (also attaching the code below)
    2. go to your openfire mysql database (in phpmyadmin)
    3. in Db go to "ofProperty" table and look for passwordKey->value (copy past this key for later use
    4. also updated "admin.authorizedJIDs" with (i.e: username@domain) in "ofProperty" table
    5. recover now with OpenFire Blowfish Class:

    ======================OpenFire Blowfish.php===========================





    * Emulate OpenFire Blowfish Class


    class OpenFireBlowfish


        private $key;

        private $cipher;


        public $enckey = "acE1v7A2L0MdjuS"; //Hidden Encryption Key of Openfire BlowFish

        public $enciv = '';



        function __construct($pass)


            $this->cipher = mcrypt_module_open('blowfish','','cbc','');

            $ks = mcrypt_enc_get_key_size($this->cipher);

            $this->key = pack('H*',sha1($pass));




        function encryptString($plaintext, $iv = '')


            if ($iv == '') {

                $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($this->cipher));


            else {

                $iv = pack("H*", $iv);


            mcrypt_generic_init($this->cipher, $this->key, $iv);

            $bs = mcrypt_enc_get_block_size($this->cipher); // get block size

            $plaintext = mb_convert_encoding($plaintext,'UTF-16BE'); // set to 2 byte, network order

            $pkcs = $bs - (strlen($plaintext) % $bs); // get pkcs5 pad length

            $pkcs = str_repeat(chr($pkcs), $pkcs); // create padding string

            $plaintext = $plaintext.$pkcs; // append pkcs5 padding to the data

            $result = mcrypt_generic($this->cipher, $plaintext);


            return $iv.$result;




        function decryptString($ciphertext)


            $bs = mcrypt_enc_get_block_size($this->cipher); // get block size

            $iv_size = mcrypt_enc_get_iv_size($this->cipher);

            if ((strlen($ciphertext) % $bs) != 0) { // check string is proper size



            $iv = substr($ciphertext, 0, $iv_size); // retrieve IV

            $ciphertext = substr($ciphertext, $iv_size);

            mcrypt_generic_init($this->cipher, $this->key, $iv);

            $result = mdecrypt_generic($this->cipher, $ciphertext); // decrypt

            //echo var_dump(unpack('c*',$iv))."\n";

            $padding = ord(substr($result,-1)); // retrieve padding

            $result = substr($result,0,$padding * -1); // and remove it


            return $result;




        function __destruct()







    // Test OpenFire Blowfish Class

    $enckey = "paste your openfire passwordKey"; //paste your openfire Db passwordKey copied in poin# 3

    $enciv = '';



    $a = new OpenFireBlowfish($enckey);



    $encstring = bin2hex($a->encryptString('password',$enciv)); //enter your password string to encrypt it

    echo "Encrypted Password string:".$encstring . "<br>";



    echo "Original Password string:".$a->decryptString(pack("H*", $encstring)) . "<br>";








    6. now run this file on your local webserver and copy the encryptedPassword string

    7. now go to "ofUser" table in openfire database and replace the encryptedPassword string in your "ofUser" Table against your admin username.



    8. restart your server that can be done from WHM (forcerestart/graceful restart)

    9. after restarting server refresh your openfire page ( or ) and login using username and password that you used for encryption



    this method will work for External Database Mysql.

More Like This

  • Retrieving data ...

Bookmarked By (1)


  • Correct Answers - 10 points
  • Helpful Answers - 5 points