From: Dave I. <dav...@en...> - 2007-06-01 18:31:55
|
We are running Webmin 1.330 and Red hat EL4, and are using full PAM conversations in order to support multi-factor authentication. =20 Unfortunately, we have found that when logging into Webmin, when prompted for the Username, if you enter a non-existing username miniserv will return a 403 error, with the error message "Login failed". This is handled very poorly by most browsers. Firefox displays an unformatted white page with the words Login Failed on it, and IE7 simply displays its own internal error page. =20 I'd rather miniserv simply redisplay the Username prompt with a message "Login failed, please try again" like it does when you attempt to log into an existing user with an incorrect password. =20 Poking through miniserv.pl, I made the following changes around line 1390. You can see the old code commented out. I added the two lines following that. =20 if ($rv =3D=3D 0) { # Cannot login! #&http_error(403, "Login failed", # "Login failed : $question"); local $hrv =3D &handle_login("unknown", 0, 0, 1, undef); return $hrv if (defined($hrv)); } This gives me the desired behaviour, but is it the correct thing to do. Have I introduce any bad side effect? =20 Thanks =20 Dave Isaacs =20 |