Team Password Manager runs on PHP (https://www.php.net/), a language designed for web development. To run Team Password Manager you first need to install PHP and some PHP modules, so you need a tool to verify what version of PHP you have installed and which modules are running in your installation. This tool is phpinfo (https://www.php.net/manual/en/function.phpinfo.php), a function that shows PHP's configuration.
- How to display PHP's configuration using phpinfo
- Local and Master values
- Relevant phpinfo entries to Team Password Manager
- How to change the value of a PHP setting
How to display PHP's configuration using phpinfo
- Create a text file in the same folder of your Team Password Manager files (or in your web server root) called
- Enter this in the text file:
- Open this file with your browser, for example: https://tpm.mycompany.com/phpinfo.php.
- If everything is correct, you should see a very large page similar to this one (here showing only the first entries):
Important: once you've finished with phpinfo you should delete the phpinfo.php file. phpinfo exposes lots of information about your system and an attacker could use it to gain access to your installation.
Local and Master values
Some entries have a "Local Value" and a "Master Value", for example:
The Master Value is the value of the entry compiled into PHP or set in the main configuration php.ini file. The Local Value is the value of the entry in effect when you execute phpinfo. It's the result of using directives that can modify PHP's configuration like ini_set() or php_value in .htaccess. Both values are normally the same, but if not, the Local Value is the one you need in the next section.
Relevant phpinfo entries to Team Password Manager
Here you have a list of the phpinfo entries relevant to Team Password Manager, with links to related documents if appropriate:
- Main section:
- PHP version: at the top, it will tell you which version of PHP is installed in your system. See which values are currently accepted for Team Password Manager in the Requirements page.
- Server API: how PHP communicates with the web server. It can have several values: Apache 2.0 Handler (mod_php), FPM/FastCGI, CGI/FastCGI, and others. Check the notes in the installation document to see how this affects your configuration.
- Loaded Configuration File: the main configuration file used to set the PHP values. See the next section to learn how to use it to change a value.
- Scan this dir for additional .ini files and Additional .ini files parsed: other configuration files used to set the PHP values. See the next section to learn how to use them to change a value.
- Thread Safety: on a Windows system, if the value is "disabled", use the Non-TS Ioncube Loader. More information here: https://www.ioncube.com/loaders.php.
- Zend Engine box: it will tell you if you have the Ioncube Loader (which is required to run Team Password Manager) installed and if so, which version you have. More information here: https://www.ioncube.com/loaders.php.
- Core section:
- always_populate_raw_post_data: this setting exists only in PHP 5.6. If your installation has this PHP version, make sure it's set to -1.
- max_execution_time: PHP Scripts executed from the browser have a maximum execution time, which is 30 seconds by default. You can set this limit higher by increasing this value. In the case of Team Password Manager, this affects processes like LDAP sync, import/export, etc. More information: https://www.php.net/manual/en/info.configuration.php#ini.max-execution-time.
- max_input_vars: this setting limits the number of fields in a form to 1000 by default. Some Team Password Manager forms, specially the ones that set permissions in passwords and projects, contain a lot of fields. So, if these forms contain more than 1000 fields you need to increase the number of this setting. More information: https://www.php.net/manual/en/info.configuration.php#ini.max-input-vars.
- upload_max_filesize: used to change the maximum file size for uploaded files. More information: how to change the maximum file size.
- post_max_size: used to change the maximum file size for uploaded files. More information: how to change the maximum file size.
- memory_limit: used to change the maximum file size for uploaded files. More information: how to change the maximum file size.
- cgi-fcgi module: if your installation uses Apache with FPM or CGI, or IIS, you need to set cgi.fix_pathinfo to 1. More information in the notes of the installation document.
- curl module: this module is required for SAML authentication.
- date module: this module is required and the following value must be set: date.timezone. More information here: The Log: timezone.
- filter module: this module is required and is normally installed by default, but some systems do not include it. If this is the case you need to install it manually. More information: https://www.php.net/manual/en/book.filter.php.
- gd module: this module is only required if you want to generate the QR codes for 2FA configuration (recommended). More information: Two-Factor Authentication in Team Password Manager.
- hash module: this is a required module and the Hashing Engine sha256 is required.
- ionCube Loader module: since version 10.3.5 of the Ioncube Loader, the Ioncube Loader has its own section in phpinfo. The Ioncube Loader is required to run Team Password Manager. For lower versions check the Zend Engine box to see if it's installed and its version. More information here: https://www.ioncube.com/loaders.php.
- json module: this module is required and is normally installed by default, but some systems do not include it. If this is the case you need to install it manually. More information: https://www.php.net/manual/en/book.json.php
- ldap module: this module is required if you want to use LDAP authentication. More information: LDAP authentication in Team Password Manager.
- mbstring module: this module is required.
- mcrypt module: it's only required for Team Password Manager versions lower than 7.84.198.
- mysqli module: this module is required. It's the one that allows PHP to connect to MySQL.
- openssl module: this module is required for LDAP with TLS/SSL or SAML authentication.
- session module: this module is the one that takes care of user sessions and is required. These are some of its relevant settings:
- session.save_handler: where PHP stores sessions. For Team Password Manager it must be "files".
- session_save_path: this is the folder in the server where the session files are stored.
- session.gc_maxlifetime: this setting affects the session timeout. More information here: Timeout and auto-logout.
- session.cookie_lifetime: this setting affects the session timeout. More information here: Timeout and auto-logout.
- xml: this module is required for SAML authentication.
- zLib module: this module is required for SAML authentication.
How to change the value of a PHP setting
To change the value of a PHP setting you need to edit the main PHP configuration file. This file is a text file normally called
php.ini and you can find its exact location by looking at the Loaded Configuration File entry of the phpinfo output. If you change a value in php.ini you need to restart the web server or FPM for the new value to take effect. You can verify the new value by reloading the phpinfo output.
In some systems there are also other configuration (.ini) files, which you can find by looking at the following entries of phpinfo: Scan this dir for additional .ini files and Additional .ini files parsed. These files contain the settings for specific modules, so if you need to change a value in one of them you should change it in these files, and not in the main php.ini file.
|Jan 11, 2022:||Document created|