Happy to go diving into the code if necessary, but lower-case alphanumeric passwords work perfectly if Unix User Authentication (acl/edit_unix.cgi) is enabled. The moment I put a capital letter in my password, Webmin refuses to log me in with "Incorrect password". Incidentally, Usermin does not have this bug.
Any ideas where I could start looking?
I checked with a Webmin user, using "Unix authentication", and it seems to work for me, with caps and symbols. I checked with and without a specific PAM config file for the "webmin" service and both look fine.
However, I was not able to log in using the mapping from "unix users" to "webmin users", i.e. without creating a Webmin user first - it refuses the login in any case :|
Is there anything specific with your setup? (or, did it work until a certain version?)
I see that webmin-1.953/miniserv.pl is different from usermin-1.803/miniserv.pl, which is the same as webmin-1.954/miniserv.pl. But I see no changes related to PAM.
Perhaps you could try upgrading the port to 1.954 and see if something changes?
You may also try to create a file named "webmin" in /etc/pam.d, with this content:
auth required pam_unix.so debug
account required pam_unix.so debug
password required pam_unix.so debug
and check syslog (with the debug level enabled) to see if something interesting happens.
OK, I think this is user error (and kinda badly designed PAM auth really).
It checks the password against whichever Webmin user you tell it to imitate.
For example, I have all members of group 'wheel' logging in as user 'admin', so I have to use the 'admin' password with my username. This is probably a bug, but not a FreeBSD issue.
It's not an issue for me- I've just created a user, I was just hoping to have it authenticate using PAM and just give wheel users access to admin.
Thanks for the pointer!