Under fully updated RHEL 7.2 system...
2 servers have that exact same flaw. The 2fa I had setup before installing virtualmin for ssh logins still works fine and only accepts proper codes.
I've tried to setup 2fa with Google Auth on latest virtualmin. After numerous tries at activating, missing modules, trying to install them, installing Moose, Moo outside of virtualmin, testing all requires, strict and warning packages for Authen::OATH, I decided to try, according to one of the many support pages on this forum, to install an old version (1.0.0) of perl-Authen-OATH found on sourceforge...
I could then activate 2fa. And my happiness was short lived because after enrolling users, the webmi
n login page accepts ANY code. So I removed manually the package. Same thing. I then removed Authen::OATH from the list of perl modules from within webmin only to see I can still activate 2fa and it still accepts every code.
So far, I've:
<code>yum install perl-CPAN
perl -MCPAN -e shell
install Bundle::CPANAuthen::OATH is up to date (2.0.0).
as well as install every perl package by hand to receive... every time, for all packages messages like this one:
cpan> install Authen::OATH
Database was generated on Wed, 31 Aug 2016 16:53:29 GMT
Authen::OATH is up to date (2.0.0).
What troubles me is that I removed Authen::OATH from inside webmin, but cpan shell still reports it's installed and up to date.
Can someone help me solve this thing? Where can I look at?