Submitted by markhard on Sun, 07/27/2014 - 06:43
when a system owner suspended/locked and tried to login, cloudmin shows "Login failed. Please try again."
suggestion: when a system owner is suspended/locked please show "your account is suspended. please contact support" so system owner is clear that his/her account is suspended.
Status:
Active
Comments
Submitted by JamieCameron on Sun, 07/27/2014 - 18:45 Comment #1
That may not be a great idea from a security point of view - currently Virtualmin/Webmin doesn't differentiate between an incorrect username or password when a login fails, which makes it harder for an hacker to perform a brute-force attack. Adding this kind of message would reveal that an account exists, but isn't currently usable.
Submitted by Locutus on Tue, 07/29/2014 - 07:09 Comment #2
An alternative might be a generic message like "Login failed. Wrong password, username unknown or account suspended - if you're sure the username is correct, contact support"
Submitted by JamieCameron on Tue, 07/29/2014 - 13:13 Comment #3
You can customize the error message by creating the file
/etc/webmin/custom-langcontaining :session_failed=Login failed. Wrong password, username unknown or account suspended - if you're sure the username is correct, contact supportSubmitted by Locutus on Tue, 07/29/2014 - 13:32 Comment #4
Ooh, see, Jamie anticipated this request! ;)
Submitted by markhard on Wed, 07/30/2014 - 04:23 Comment #5
will this custom-lang file get overwritten when webmin got updated?
Submitted by andreychek on Wed, 07/30/2014 - 09:31 Comment #6
It wouldn't be overwritten, as that custom-lang file is in /etc/webmin and is considered a config file.
Files in /usr/libexec/webmin are where the actual Webmin run-time files are stored, and if those are modified they may indeed be overwritten.
So while you wouldn't want to modify the run-time files, modifying config files is safe and will be preserved.