Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

#4406 Two-factor authentication is ignored

1.670
closed-fixed
nobody
None
5
2014-05-21
2014-05-12
Sander
No

I just enabled two-factor authentication (authy) and it seems the two-factor token is ignored. When I enter my username and password and simply press enter, Webmin logs me in like it would do without two-factor. I checked if two-factor is enabled for the user and it shows "Two-factor authentication type: Using provider Authy with ID XXXXXXX".

Discussion

1 2 > >> (Page 1 of 2)
  • Jamie Cameron
    Jamie Cameron
    2014-05-12

    Is two-factor enabled at Webmin -> Webmin Configuration -> Two-Factor Authentication?

     
  • Sander
    Sander
    2014-05-14

    Yes it is, it shows my API key and Authy as authentication provider.

     
    Last edit: Sander 2014-05-14
  • Steven Page
    Steven Page
    2014-05-15

    i recently raised an issue where two factor authentication is ignored for Sudo users;

    is the user which you have enabled two factor auth. for a SUDO user? if so, you need to clone the root user name it after your sudo user.

    i had problems creating a user with the same permissions as the root user, and have not yet tried to clone feature; make sure you temporarily allow root logins via Webmin (not SSH), due the fact that you may end up locking your self out..

    edit: i see that you are using Authy, and not Google-Authentication. this may not apply to you

     
    Last edit: Steven Page 2014-05-15
  • Sander
    Sander
    2014-05-18

    Yes, the user I enabled two factor for, is "root". I made a new Webmin User for the root account on the server, called 'XXXX-root'. When I log in with this account, two factor does indeed work. So, the problem seems to be two factor in combination with the Webmin root user. Thank you for sharing your solution!

     
  • Jamie Cameron
    Jamie Cameron
    2014-05-18

    So when it was failing originally, were you logging in as a user who has permissions to sudo to root?

     
  • Sander
    Sander
    2014-05-18

    Yes. During installation, I chose no for "Allow login as Root" and entered another name. So my root account is not called root. I log in to Webmin with this account, but Webmin sees it as root. So if the root user on the server is not called root, two factor doesn't seems to work.

     
  • Jamie Cameron
    Jamie Cameron
    2014-05-18

    Do you mean during the install of Webmin, or of your OS?

     
  • Sander
    Sander
    2014-05-19

    During the installation of my OS. In other words, my OS doesn't have a root account -it's called different.

     
  • Jamie Cameron
    Jamie Cameron
    2014-05-19

    Wait, so there is no user called "root" in /etc/passwd at all?

    Or does the user exist, but you just don't login as that user?

     
  • Sander
    Sander
    2014-05-20

    No, there is an user called "root" in /etc/passwd. So the user exists, but I don't login as that user.

    During the installation of Ubuntu, the installer asked me if I want to allow login as root. I chose no and entered another name for the "root" user. This user is the new "root" account. If I login with this account and do SUDO SU, I become the superuser.

     
    Last edit: Sander 2014-05-20
1 2 > >> (Page 1 of 2)