usermin icon indicating copy to clipboard operation
usermin copied to clipboard
verified publisher icon webmin

Missing Two-Factor Authentication

Open iliaross opened this issue 10 years ago • 15 comments

Jamie, could ypu please add Two-Factor Authentication to Usermin as well? It should be easy to do and straight forward, as it's big brother already has it?

iliaross avatar Mar 14 '15 07:03 iliaross

It's on my TODO list - but its a bit more complex than adding it to Webmin, as I need a place to store per-user two-factor keys.

jcameron avatar Mar 14 '15 23:03 jcameron

That's great! Thanks, Jamie!

iliaross avatar Mar 15 '15 07:03 iliaross

Jamie, Usermin really is missing two factor authentication. You mean like, where to set up the keys? I think each user should be able to do it using Usermin itself? Probably having separate module which user is gonna have access to to do it. A key could be stored in home directory of each user?

iliaross avatar Apr 14 '15 07:04 iliaross

Hi,

Was curious if this was going to be implemented soon? Thanks!

aaronstpierre avatar Dec 24 '15 05:12 aaronstpierre

+1 Would be great.

iliaross avatar Dec 24 '15 06:12 iliaross

It's on my todo list, but I haven't gotten to it yet.

jcameron avatar Dec 24 '15 07:12 jcameron

Awesome! Thank you Jamie!

aaronstpierre avatar Dec 24 '15 14:12 aaronstpierre

If you are using PAM (which I think is default now) you can use two factor authentication easily - without any changes to usermin.

I am using this https://github.com/google/google-authenticator-libpam

My password that I supply to webmin becomes "passwordNNNNNN", where NNNNNN is google code. (which changes every 30 seconds or so)

Advantage is that it works even with SSH, FTP, POP, IMAP etc.

amishmm avatar May 04 '17 02:05 amishmm

I would also love this option in usermin! We are looking to roll this out to users. Having this feature will help us ensure we are following internal best practices.

ilima-nvps avatar Apr 02 '18 15:04 ilima-nvps

Huh, with that Google Authenticator PAM thingy, Usermin could make the UI more intuitive just by adding a new field for the code, and then appending it to the password when checking it against PAM.

swelljoe avatar Apr 05 '18 20:04 swelljoe

Is that PAM lib available in any OS repositories, yet? Asking people to install from source is messy. We could include a package in the Virtualmin repos, but for folks not using Virtualmin, it'd still be tough to deploy widely.

swelljoe avatar Apr 05 '18 20:04 swelljoe

It available in Arch linux repository. https://www.archlinux.org/packages/community/x86_64/libpam-google-authenticator/

Fedora repo https://fedora.pkgs.org/26/fedora-x86_64/google-authenticator-1.03-1.fc26.x86_64.rpm.html

amishmm avatar Apr 06 '18 01:04 amishmm

This type of authentication is fast becoming a standard......any sign of this being developed further?

pixel-paul avatar Aug 28 '18 07:08 pixel-paul

Missing this really. 2 factor and even more f2u are becoming standard fast. So fast I would consider it a security priority in development.

ghost avatar Jan 26 '19 15:01 ghost

Please do add this if you get the time. Looking to keep my home server safe!!

Thanks for all the crazy great work so far.

Awbmilne avatar Dec 11 '19 18:12 Awbmilne