From: Watson, W. <Wil...@ve...> - 2013-04-29 14:29:02
|
Hi, I am trying to setup keepass to open my webmin sites with firefox using a URL something like the following: http://ahost:10000/session_login.cgi?user=auser&pass=apassword But I get the following message even though cookies are enabled: Error - No cookies Your browser does not support cookies, which are required for this web server to work in session authentication mode I noticed that there is a cookie called testing () when I open the main login page. How do I get webmin to allow me to login without disabling session authentication mode? Thanks and regards, William |
From: Watson, W. <Wil...@ve...> - 2013-05-21 05:52:08
|
Hi Jamie, Thanks for the suggestion, Our servers are all set up to use https. I just set this one up with http to play with. I looked through the code and assume miniserv.pl is picking up the notestingcookie directive from /etc/webmin/miniserv.conf. I set this and restarted the server, but I still get the message. Where should I set the directive? Thanks and regards, William > >Message: 4 >Date: Mon, 29 Apr 2013 11:27:55 -0700 (PDT) >From: "Jamie Cameron" <jca...@we...> >Subject: Re: [webmin-l] keepass login in session authentication mode >To: Webmin users list <web...@li...> >Message-ID: <136...@we...> > >On 29/Apr/2013 07:11 Watson, William <Wil...@ve...> wrote >.. >> Hi, >> >> I am trying to setup keepass to open my webmin sites with firefox using a >URL >> something like the following: >> >> http://ahost:10000/session_login.cgi?user=auser&pass=apassword >> >> But I get the following message even though cookies are enabled: >> >> Error - No cookies >> >> Your browser does not support cookies, which are required for this web >server to >> work in session authentication mode >> >> I noticed that there is a cookie called testing () when I open the main login >> page. >> >> How do I get webmin to allow me to login without disabling session >authentication >> mode? > >You need to add the parameter notestingcookie=1 > >That said, there are potential security risks to doing this - such as the password >being sent over the network in the clear if you aren't using https on both the >Webmin server and the original site. > > - Jamie > > |
From: Jamie C. <jca...@we...> - 2013-05-21 18:16:10
|
The line you need to add to miniserv.conf is : no_testing_cookie=1 On 20/May/2013 22:51 Watson, William <Wil...@ve...> wrote .. > Hi Jamie, > > Thanks for the suggestion, > > Our servers are all set up to use https. I just set this one up with http to play > with. > > I looked through the code and assume miniserv.pl is picking up the notestingcookie > directive from /etc/webmin/miniserv.conf. I set this and restarted the server, > but I still get the message. Where should I set the directive? > > Thanks and regards, > William > > > > >Message: 4 > >Date: Mon, 29 Apr 2013 11:27:55 -0700 (PDT) > >From: "Jamie Cameron" <jca...@we...> > >Subject: Re: [webmin-l] keepass login in session authentication mode > >To: Webmin users list <web...@li...> > >Message-ID: <136...@we...> > > > >On 29/Apr/2013 07:11 Watson, William <Wil...@ve...> wrote > >.. > >> Hi, > >> > >> I am trying to setup keepass to open my webmin sites with firefox using a > >URL > >> something like the following: > >> > >> http://ahost:10000/session_login.cgi?user=auser&pass=apassword > >> > >> But I get the following message even though cookies are enabled: > >> > >> Error - No cookies > >> > >> Your browser does not support cookies, which are required for this web > >server to > >> work in session authentication mode > >> > >> I noticed that there is a cookie called testing () when I open the main login > >> page. > >> > >> How do I get webmin to allow me to login without disabling session > >authentication > >> mode? > > > >You need to add the parameter notestingcookie=1 > > > >That said, there are potential security risks to doing this - such as the password > >being sent over the network in the clear if you aren't using https on both the > >Webmin server and the original site. > > > > - Jamie > > > > > > > ------------------------------------------------------------------------------ > Try New Relic Now & We'll Send You this Cool Shirt > New Relic is the only SaaS-based application performance monitoring service > that delivers powerful full stack analytics. Optimize and monitor your > browser, app, & servers with just a few lines of code. Try New Relic > and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may > - > Forwarded by the Webmin mailing list at web...@li... > To remove yourself from this list, go to > http://lists.sourceforge.net/lists/listinfo/webadmin-list |
From: Watson, W. <Wil...@ve...> - 2013-05-22 08:23:10
|
Hi Jamie, Thank you, it works. But as you warned, it seems that passwords are passed in the clear even if https is used. What is the save way to do this? Is https://{USERNAME}:{PASSWORD}@{HOST}:10500/ with session authentication turned off correct??? Thanks and regards, William |
From: Jamie C. <jca...@we...> - 2013-05-22 20:29:21
|
On 22/May/2013 01:22 Watson, William <Wil...@ve...> wrote .. > Hi Jamie, > > Thank you, it works. But as you warned, it seems that passwords are passed in the > clear even if https is used. > > What is the save way to do this? Is https://{USERNAME}:{PASSWORD}@{HOST}:10500/ > with session authentication turned off correct??? That would also work. If you have a link to https://host:10050/session_login.cgi?user=.. , the username and password aren't sent in the clear though. |
From: Andrey R. <anr...@fr...> - 2013-04-29 18:20:13
|
Greetings, Webmin users list! > I am trying to setup keepass to open my webmin sites with firefox using a URL something like the following: > http://ahost:10000/session_login.cgi?user=auser&pass=apassword This is a very, very, very bad idea. > But I get the following message even though cookies are enabled: > Error - No cookies > Your browser does not support cookies, which are required for this web > server to work in session authentication mode > I noticed that there is a cookie called testing () when I open the main login page. > How do I get webmin to allow me to login without disabling session > authentication mode? -- WBR, Andrey Repin (anr...@fr...) 29.04.2013, <22:08> Sorry for my terrible english... |
From: Jamie C. <jca...@we...> - 2013-04-29 18:28:02
|
On 29/Apr/2013 07:11 Watson, William <Wil...@ve...> wrote .. > Hi, > > I am trying to setup keepass to open my webmin sites with firefox using a URL > something like the following: > > http://ahost:10000/session_login.cgi?user=auser&pass=apassword > > But I get the following message even though cookies are enabled: > > Error - No cookies > > Your browser does not support cookies, which are required for this web server to > work in session authentication mode > > I noticed that there is a cookie called testing () when I open the main login > page. > > How do I get webmin to allow me to login without disabling session authentication > mode? You need to add the parameter notestingcookie=1 That said, there are potential security risks to doing this - such as the password being sent over the network in the clear if you aren't using https on both the Webmin server and the original site. - Jamie |