Submitted by airshock on Mon, 01/13/2014 - 19:53
Hi,
I saw on the official Webmin documentation site that it supports two-factor authentication as of version 1.660, but I don't see any native support for this in Virtualmin. By this I mean I see no way to have Virtualmin users, when they are created, automatically get set up for two-factor authentication (you would still have to do this manually). So, my question is, does Virtualmin support some form of two-factor authentication, and how would I go about setting it up? I am very interested in adding this feature to my server, but would like to be able to enable and disable it on a per-user basis, rather than having it automatically and forcibly enabled for every single user on the system.
Thank you, -Logan Merrill
Status:
Active
Comments
Submitted by andreychek on Mon, 01/13/2014 - 20:46 Comment #1
Howdy -- two-factor authentication is available for Webmin/Virtualmin users, and would normally be enabled on a case-by-case basis for each user you want to have it.
There are instructions available here for how to enable and use two-factor authentication:
http://doxfer.webmin.com/Webmin/EnhancedAuthentication
Let us know if you have any questions or concerns about how that works.
Submitted by airshock on Wed, 01/15/2014 - 19:00 Comment #2
Hi,
The link you referenced is the same one that I came across that talked about Webmin's support for two-factor authentication. However, the article you linked to appears to only deal with Webmin and does not make any references to Virtualmin.
How would I enable two-factor authentication on the Virtualmin side and/or for Virtualmin users (both clients and resellers), and is there a way this process could be automated for new users that are automatically created by Virtualmin when, say, they sign up for Web hosting service on my site? I use the WHMCS client management and billing software and have set it up to automatically communicate with Virtualmin when a new client registers so that their virtual server can be created.
Finally, I already have a lot of existing users on the system. Is there a way that two-factor authentication can be enabled automatically / with one command for these users so that manual editing can be skipped?
Thanks, -Logan
Submitted by JamieCameron on Wed, 01/15/2014 - 22:12 Comment #3
The same method applies to Virtualmin as well, as it is built on top of Webmin.
However, there is no way to automatically enroll domain owners for two-factor authentication at creation time. Instead root would need to go to Webmin -> Webmin Users, click on a user, click on "Enable Two Factor For User", and then click "Enroll For Two-Factor Authentication". This will display a code that the user must enter into google authenticator on their phone.
Submitted by jpps on Sun, 09/21/2014 - 14:18 Comment #4
The Mobile theme needs to be updated to support the Two-Factor authentication.
/usr/libexec/webmin/virtual-server-mobile/session_login.cgi
Find:
print &ui_table_row($text{'session_user'}, &ui_textbox("user", $in{'failed'}, 20));
print &ui_table_row($text{'session_pass'}, &ui_password("pass", undef, 20));
print &ui_table_row(" ", &ui_checkbox("save", 1, $text{'session_save'}, 1));
print &ui_table_end();
Convert to:
print &ui_table_row($text{'session_user'}, &ui_textbox("user", $in{'failed'}, 20));
print &ui_table_row($text{'session_pass'}, &ui_password("pass", undef, 20));
Two-factor token, for users that have itif ($miniserv{'twofactor_provider'}) { print &ui_table_row($text{'session_twofactor'}, &ui_textbox("twofactor", undef, 20, 0, undef, "autocomplete=off")); }
print &ui_table_row(" ", &ui_checkbox("save", 1, $text{'session_save'}, 1));
print &ui_table_end();