Bug 248573 - sysutils/webmin: PAM login fails if capital letters in password (!)
Status: Closed Not A Bug
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Jimmy Olgeni
Keywords: needs-qa
Reported: 2020-08-10 10:47 UTC by Chris Rees
Modified: 2020-08-16 14:24 UTC
bugzilla: maintainer-feedback? (olgeni)

Description Chris Rees freebsd_committer 2020-08-10 10:47:03 UTC
Happy to go diving into the code if necessary, but lower-case alphanumeric passwords work perfectly if Unix User Authentication (acl/edit_unix.cgi) is enabled.  The moment I put a capital letter in my password, Webmin refuses to log me in with "Incorrect password".  Incidentally, Usermin does not have this bug.

Any ideas where I could start looking?
Comment 1 Jimmy Olgeni freebsd_committer 2020-08-14 13:47:11 UTC
I checked with a Webmin user, using "Unix authentication", and it seems to work for me, with caps and symbols. I checked with and without a specific PAM config file for the "webmin" service and both look fine.

However, I was not able to log in using the mapping from "unix users" to "webmin users", i.e. without creating a Webmin user first - it refuses the login in any case :|

Is there anything specific with your setup? (or, did it work until a certain version?)

I see that webmin-1.953/miniserv.pl is different from usermin-1.803/miniserv.pl, which is the same as webmin-1.954/miniserv.pl. But I see no changes related to PAM.

Perhaps you could try upgrading the port to 1.954 and see if something changes?

You may also try to create a file named "webmin" in /etc/pam.d, with this content:

auth		required	pam_unix.so debug
account		required	pam_unix.so debug
password	required	pam_unix.so debug

and check syslog (with the debug level enabled) to see if something interesting happens.
Comment 2 Chris Rees freebsd_committer 2020-08-16 14:24:41 UTC
OK, I think this is user error (and kinda badly designed PAM auth really).

It checks the password against whichever Webmin user you tell it to imitate.

For example, I have all members of group 'wheel' logging in as user 'admin', so I have to use the 'admin' password with my username.  This is probably a bug, but not a FreeBSD issue.

It's not an issue for me- I've just created a user, I was just hoping to have it authenticate using PAM and just give wheel users access to admin.

Thanks for the pointer!