The default installation of asteriskNOW has the amportal.conf settings to use AUTHTYPE=database for authentication and a default username/password combination that is throwing some people for a loop - in terms of changing the default password. The reason why people are not able to locate the freepbx user information in any of the files to change is that it is actually stored in the MySQL database user tables not files. I don't know why this username/password is setup like this and no clear mention of changing it made from what I could see - but I'll admit I didn't do a full RTFM. From reading some other posts in this forum it appears to be a common situation.

In order to change the freepbx/fpbx username and password combination (from what I can derive) you will need to follow these steps.

1. from a command prompt as root run the command “mysql” without the quotes. Depending on if you’ve overridden the username/password combination you might need to pass switches “mysql –u root –p” or some combination to login.
2. once inside the mysql prompt run the SQL statement “use mysql”
3. then run the SQL statement “UPDATE user set Password=PASSWORD(‘newsecretpassword’) WHERE User=’freepbx’
4. then run the SQL statement “flush privileges”
5. exit the mysql prompt
6. use a text editor to open /etc/amportal.conf
7. find the AMPDBPASS line and change the value fpbx to your newsecretpassword that you set earlier in MySQL
8. text editor next on /etc/asterisk/cdr_mysql.conf
9. find the fpbx password value and replace the old password with your newsecretpassword
10. text editor next on /etc/asterisk/extensions_additional.conf (I know you shouldn’t edit this directly but you need to since you can’t “Apply Changes” to regenerate this file yet)
11. find the fpbx password value and replace the old password with your newsecretpassword
12. now that you’ve changed these files execute a amportal restart command and you should be good to go

There might be a “proper” way of doing this but since no one seems to know what that is here is a way to do it in the meantime to close this HUGE GAPING SECURITY HOLE.

http://forums.digium.com/viewtopic.php?t=74423