Hi everyone.
Under fully updated RHEL 7.2 system...
2 servers have that exact same flaw. The 2fa I had setup before installing virtualmin for ssh logins still works fine and only accepts proper codes.
I've tried to setup 2fa with Google Auth on latest virtualmin. After numerous tries at activating, missing modules, trying to install them, installing Moose, Moo outside of virtualmin, testing all requires, strict and warning packages for Authen::OATH, I decided to try, according to one of the many support pages on this forum, to install an old version (1.0.0) of perl-Authen-OATH found on sourceforge...
I could then activate 2fa. And my happiness was short lived because after enrolling users, the webmi
n login page accepts ANY code. So I removed manually the package. Same thing. I then removed Authen::OATH from the list of perl modules from within webmin only to see I can still activate 2fa and it still accepts every code.
So far, I've:
<code>yum install perl-CPAN
perl -MCPAN -e shell
install Bundle::CPANAuthen::OATH is up to date (2.0.0).
reload cpan
install Authen::OATH
as well as install every perl package by hand to receive... every time, for all packages messages like this one:
cpan[3]> install Authen::OATH
Reading '/root/.cpan/Metadata'
Database was generated on Wed, 31 Aug 2016 16:53:29 GMT
Authen::OATH is up to date (2.0.0).
What troubles me is that I removed Authen::OATH from inside webmin, but cpan shell still reports it's installed and up to date.
Can someone help me solve this thing? Where can I look at?
Thanks
Marc.
Comments
Submitted by dukejustice on Wed, 08/31/2016 - 21:19 Comment #1
Submitted by dukejustice on Wed, 08/31/2016 - 21:20 Comment #2
Submitted by dukejustice on Wed, 08/31/2016 - 21:21 Comment #3
Submitted by JamieCameron on Wed, 08/31/2016 - 22:41 Comment #4
Are you sure that 2-factor is enabled globally, in the Webmin Users module, and that the user you're logging in as has enrolled?
Submitted by dukejustice on Thu, 09/01/2016 - 07:53 Comment #5
Yes to all questions.
The problem is that webmin would not activate 2fa while all modules were installed. Painfully checked manually all dependencies. And after I've installed and removed an old perl-authen-oath rpm and remove the core perl package (Authen::OATH) I still can activate 2fa and enroll users.
There clearly is a problem with webmin not being able to recognize what module is installed or not... Then properly use them.
Now, when I want to activate 2fa, it tells me about missing perl module. I let it install to be told:
Digest::HMAC warnings Moo Types::Standard strict Math::BigInt Digest::SHA Module::Build (2 modules missing)when I click fetch missing dependencies, I get:
Scalar::Util Role::Tiny Test::Fatal Exporter Module::Runtime Class::Method::Modifiers Test::More Devel::GlobalDestruction Exporter::Tiny Digest::HMAC warnings Moo Types::Standard strict Math::BigInt Digest::SHA Module::Build (All installed)It'd be important that the first screen would recognize what the second says... All modules are installed.
I also tried issuing
force install Authen::OATH Digest::HMAC Moo Types::Standard Test::More Math::BigInt Digest::SHA Module::Build Scalar::Util Role::Tiny Test::Fatal Exporter Module::Runtime Class::Method::Modifiers Test::More Devel::GlobalDestruction Exporter::Tinyfrom the cpan shell to no availIs there anything I can help you with providing you a list of installed packages or something?
Thanks.
Marc
Submitted by dukejustice on Thu, 09/01/2016 - 08:15 Comment #6
I fixed it.
Here's how:
webmin - others - perl modules
install modules from cpan named I input this string: Authen::OATH Digest::HMAC Moo Types::Standard Test::More Math::BigInt Digest::SHA Module::Build Scalar::Util Role::Tiny Test::Fatal Exporter Module::Runtime Class::Method::Modifiers Devel::GlobalDestruction Exporter::Tiny
I checked both boxes
clicked install
it complained about missing 1 module
selected: make and install
clicked continue with install
activated google 2fa in webmin configuration
registered user
using another browser, tested it'd refuse random key and accept correct one.
Voilà! Maybe I could suggest, humbly so, that a tut be created for last resort guys like me having this problem.
Best regards.
Marc
Submitted by JamieCameron on Fri, 09/02/2016 - 00:33 Comment #7
I'm surprised that you were able to turn on two-factor in Webmin without first having those modules installed and working..
Submitted by dustindauncey on Mon, 11/28/2016 - 02:41 Comment #8
I had this issue too in an previously used server. I posted about it here for reference: https://sourceforge.net/p/webadmin/discussion/600155/thread/ef3248cb/?li...
I then went through with a new server created (not specifically for this purpose or anything) and it happened to work just fine without any issues. Was never quite sure what the root cause or solution was.