Support for two-factor authentication

Hi,

I saw on the official Webmin documentation site that it supports two-factor authentication as of version 1.660, but I don't see any native support for this in Virtualmin. By this I mean I see no way to have Virtualmin users, when they are created, automatically get set up for two-factor authentication (you would still have to do this manually). So, my question is, does Virtualmin support some form of two-factor authentication, and how would I go about setting it up? I am very interested in adding this feature to my server, but would like to be able to enable and disable it on a per-user basis, rather than having it automatically and forcibly enabled for every single user on the system.

Thank you, -Logan Merrill

Status: 
Active

Comments

Howdy -- two-factor authentication is available for Webmin/Virtualmin users, and would normally be enabled on a case-by-case basis for each user you want to have it.

There are instructions available here for how to enable and use two-factor authentication:

http://doxfer.webmin.com/Webmin/EnhancedAuthentication

Let us know if you have any questions or concerns about how that works.

Hi,

The link you referenced is the same one that I came across that talked about Webmin's support for two-factor authentication. However, the article you linked to appears to only deal with Webmin and does not make any references to Virtualmin.

How would I enable two-factor authentication on the Virtualmin side and/or for Virtualmin users (both clients and resellers), and is there a way this process could be automated for new users that are automatically created by Virtualmin when, say, they sign up for Web hosting service on my site? I use the WHMCS client management and billing software and have set it up to automatically communicate with Virtualmin when a new client registers so that their virtual server can be created.

Finally, I already have a lot of existing users on the system. Is there a way that two-factor authentication can be enabled automatically / with one command for these users so that manual editing can be skipped?

Thanks, -Logan

The same method applies to Virtualmin as well, as it is built on top of Webmin.

However, there is no way to automatically enroll domain owners for two-factor authentication at creation time. Instead root would need to go to Webmin -> Webmin Users, click on a user, click on "Enable Two Factor For User", and then click "Enroll For Two-Factor Authentication". This will display a code that the user must enter into google authenticator on their phone.

The Mobile theme needs to be updated to support the Two-Factor authentication.

/usr/libexec/webmin/virtual-server-mobile/session_login.cgi

Find:

print &ui_table_row($text{'session_user'}, &ui_textbox("user", $in{'failed'}, 20));

print &ui_table_row($text{'session_pass'}, &ui_password("pass", undef, 20));

print &ui_table_row(" ", &ui_checkbox("save", 1, $text{'session_save'}, 1));

print &ui_table_end();

Convert to:

print &ui_table_row($text{'session_user'}, &ui_textbox("user", $in{'failed'}, 20));

print &ui_table_row($text{'session_pass'}, &ui_password("pass", undef, 20));

Two-factor token, for users that have it

if ($miniserv{'twofactor_provider'}) { print &ui_table_row($text{'session_twofactor'}, &ui_textbox("twofactor", undef, 20, 0, undef, "autocomplete=off")); }

print &ui_table_row(" ", &ui_checkbox("save", 1, $text{'session_save'}, 1));

print &ui_table_end();