#4406 Two-factor authentication is ignored


I just enabled two-factor authentication (authy) and it seems the two-factor token is ignored. When I enter my username and password and simply press enter, Webmin logs me in like it would do without two-factor. I checked if two-factor is enabled for the user and it shows "Two-factor authentication type: Using provider Authy with ID XXXXXXX".


  • Jamie Cameron

    Jamie Cameron - 2014-05-12

    Is two-factor enabled at Webmin -> Webmin Configuration -> Two-Factor Authentication?

  • Sander

    Sander - 2014-05-14

    Yes it is, it shows my API key and Authy as authentication provider.

    Last edit: Sander 2014-05-14
  • Steven Page

    Steven Page - 2014-05-15

    i recently raised an issue where two factor authentication is ignored for Sudo users;

    is the user which you have enabled two factor auth. for a SUDO user? if so, you need to clone the root user name it after your sudo user.

    i had problems creating a user with the same permissions as the root user, and have not yet tried to clone feature; make sure you temporarily allow root logins via Webmin (not SSH), due the fact that you may end up locking your self out..

    edit: i see that you are using Authy, and not Google-Authentication. this may not apply to you

    Last edit: Steven Page 2014-05-15
  • Sander

    Sander - 2014-05-18

    Yes, the user I enabled two factor for, is "root". I made a new Webmin User for the root account on the server, called 'XXXX-root'. When I log in with this account, two factor does indeed work. So, the problem seems to be two factor in combination with the Webmin root user. Thank you for sharing your solution!

  • Jamie Cameron

    Jamie Cameron - 2014-05-18

    So when it was failing originally, were you logging in as a user who has permissions to sudo to root?

  • Sander

    Sander - 2014-05-18

    Yes. During installation, I chose no for "Allow login as Root" and entered another name. So my root account is not called root. I log in to Webmin with this account, but Webmin sees it as root. So if the root user on the server is not called root, two factor doesn't seems to work.

  • Jamie Cameron

    Jamie Cameron - 2014-05-18

    Do you mean during the install of Webmin, or of your OS?

  • Sander

    Sander - 2014-05-19

    During the installation of my OS. In other words, my OS doesn't have a root account -it's called different.

  • Jamie Cameron

    Jamie Cameron - 2014-05-19

    Wait, so there is no user called "root" in /etc/passwd at all?

    Or does the user exist, but you just don't login as that user?

  • Sander

    Sander - 2014-05-20

    No, there is an user called "root" in /etc/passwd. So the user exists, but I don't login as that user.

    During the installation of Ubuntu, the installer asked me if I want to allow login as root. I chose no and entered another name for the "root" user. This user is the new "root" account. If I login with this account and do SUDO SU, I become the superuser.

    Last edit: Sander 2014-05-20
  • Jamie Cameron

    Jamie Cameron - 2014-05-21

    Ok, I see the bug that causes this now - it will be fixed in the upcoming Webmin 1.690 release.

  • Jamie Cameron

    Jamie Cameron - 2014-05-21
    • status: open --> closed-fixed

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.

No, thanks