#4098 "No password accepted" for root blocks sudo logins

1.580
open
5
2012-06-14
2012-06-14
No

root password is disabled for SSH, and we want the same policy for Webmin.

In Webmin Users | Unix user Authentication, "Only allow Webmin users to login" is selected.

Steps to reproduce:
1) log into Webmin as root (browser: Epiphany)
2) go to Webmin Users | Unix user Authentication
4) tick "Allow users who can run all commands via sudo to login as root" and click Save
5) log into Webmin as alastair (browser: Iceape)
6) log out of Webmin as alastair (browser: Iceape)
7) go to Webmin Users (browser: Epiphany)
8) click on link for root user
9) Change Password option to "No password accepted" and click Save
10) attempt log into Webmin as alastair (browser: Iceape): LOGIN FAILS
11) go to Webmin Users (browser: Epiphany)
12) click on link for root user
13) Change Password option to "Unix authentication" and click Save
14) log into Webmin as alastair (browser: Iceape)

Step 14 succeeds, which shows that something about the selection made in step 9 is blocking sudo users' logins.

System is CentOS release 6.2

Discussion

  • Alastair Irvine

    Alastair Irvine - 2012-06-14
     
  • Alastair Irvine

    Alastair Irvine - 2012-06-14

    I can't figure out why many of the steps listed above seem to be missing from miniserv.debug

     
  • Alastair Irvine

    Alastair Irvine - 2012-06-14

    sudo logins also break if there is a password set for the root Webmin user.

     
  • Jamie Cameron

    Jamie Cameron - 2012-06-15

    That behavior is actually not surprising - the sudo login support in Webmin is just an alternate way of logging in as root. So if the root Webmin user has his password disabled or set to something other than Unix authentication, sudo logins will pick up this setting and fail.

    A better option is to change root's actual password in /etc/shadow to something like *LK* , so that direct logins as root never work.

     

Log in to post a comment.