Added two-factor authentication, i think last access, but not 100%. Anyway, 2fa is failing about Authen::OATH

tommack · September 14, 2023, 12:47am

If I install CPAN OATH, it will let me log in.

Ilia · September 14, 2023, 8:12am

I’m more interested to see the output of:

perl -I/usr/libexec/webmin/vendor_perl -e "use Authen::OATH;"

… before anything from CPAN is installed. Could you do that for me?

tommack · September 14, 2023, 7:19pm

No return. i put a space between the -I and /usr and still nothing.

Still locate:
[tom@mail ~]$ sudo locate OATH
/usr/libexec/usermin/vendor_perl/Authen/OATH.pm
/usr/libexec/webmin/vendor_perl/Authen/OATH.pm

[tom@mail ~]$ sudo perl -I/usr/libexec/webmin/vendor_perl -e “use Authen::OATH;”
[sudo] password for tom:
[tom@mail ~]$ sudo locate OATH
/usr/libexec/usermin/vendor_perl/Authen/OATH.pm
/usr/libexec/webmin/vendor_perl/Authen/OATH.pm
[tom@mail ~]$ sudo perl -I /usr/libexec/webmin/vendor_perl -e “use Authen::OATH;”
[tom@mail ~]$

Ilia · September 14, 2023, 7:44pm

If there is no output it means that everything is working as expected.

However, you say it don’t? What exactly happens if you go to Webmin ⇾ Webmin Configuration: Two-Factor Authentication page, select Google Authenticator and hit save. What exact error do you get? Can you provide screenshots?

tommack · September 14, 2023, 8:01pm

Warning!
Two-factor authentication failed : Missing Perl module Authen::OATH
Webmin
Two-factor authentication has been enabled for this user to login

Token

I can’t login.

Can I disable 2fa via command line?

tommack · September 14, 2023, 8:12pm

From my other server “ns1”:
[tom@ns1 ~]$ perl -I/usr/libexec/webmin/vendor_perl -e “use Authen::OATH;”
[tom@ns1 ~]$ perl -I /usr/libexec/webmin/vendor_perl -e “use Authen::OATH;”
[tom@ns1 ~]$ sudo locate OATH
[sudo] password for tom:
/usr/libexec/webmin/vendor_perl/Authen/OATH.pm
[tom@ns1 ~]$

This one is working with 2fa.

tommack · September 14, 2023, 8:23pm

Could there be a conflict between:
/usr/libexec/usermin/vendor_perl/Authen/OATH.pm
/usr/libexec/webmin/vendor_perl/Authen/OATH.pm

Because i am not using usermin on my ns1 and ns2 hosts.

[tom@ns1 ~]$ sudo locate OATH
[sudo] password for tom:
/usr/libexec/webmin/vendor_perl/Authen/OATH.pm

tommack · September 14, 2023, 8:33pm

Here is /var/log/messages from past whenever…
messages.log (1.2 MB)

tommack · September 14, 2023, 8:40pm

I’m going to have to change my DNS for a domain if can’t access the control panel, so I will probably just install CPAN to get that done if there isn’t a prompt resolution. I need an email address set up which I can’t do without Webmin access but I could do alternatively by using my host MX.

I would expect to have had questions about actual code references for why this isn’t working. At least a comparison of Perl scripts. There is obviously a call that is bad in the web coding for 2fa. Which files can I send you to compare?

I could do the code analysis, but I bought the premium support so I don’t have to.

Ilia · September 14, 2023, 9:12pm

If you apply this patch how does the actual error message looks like? Can I see the screenshot?

Ilia · September 14, 2023, 9:44pm

I can now also see that we haven’t removed perl-Authen-OATH package from the Virtualmin repos!

@Joe, you should remove perl-Authen-OATH package from the Virtualmin repos because this Perl package is bundled with Webmin.

Joe · September 14, 2023, 9:52pm

If the package causes problems, then it’s a bug (in Webmin, not the repo). It should never be a problem to also have a package installed of a given Perl module.

Ilia · September 14, 2023, 10:35pm

It’s not causing any issues! It’s simply redundant.

Jamie · September 15, 2023, 1:51am

@tommack can you try applying this patch : Show full error if Authen::OATH cannot be loaded · webmin/webmin@2e8000d · GitHub

Then try logging in again, and post the full error message you get, which should show more details about why twofactor is failing.

Ilia · September 15, 2023, 1:06pm

@Jamie, $@ won’t be printed as part of <pre></pre> from your latest patch! Besides, it won’t look nice with the new bubble in error messages. We would need to capture $@ immediately.
Anyway, I have fixed all of that in the latest patches, and also fixed a few minor bugs I introduced some time ago. Now, if a new $main::error_last_eval is set, then error() function will display a nice HTML accordion and will include the full error message, e.g.:

If $main::error_last_eval isn’t set explicitly then the file and line (this time correctly) will be shown in the bubble, e.g.:

@tommack Don’t apply any of the patches we mentioned recently. It’s just too much to apply. Instead, you can try this devel build of Webmin which would include all recent changes.

Please let us know which error message do you see then by sharing a screenshot.

tommack · September 15, 2023, 7:09pm

OK, so we are all in agreement, I will install the RPM posted above?
I have not touched the system since I did the restore.

Ilia · September 15, 2023, 7:21pm

Don’t install perl-Authen-OATH package… Just upgrade with the devel Webmin package suggested above. Then go to Webmin Configuration / 2FA page and try to activate it, and then post the error.

tommack · September 15, 2023, 7:36pm

Installed, still getting:
Warning!
Two-factor authentication failed : Missing Perl module Authen::OATH

Here is the log from the install:
webminins.zip (1.7 KB)

Ilia · September 15, 2023, 7:36pm

What is the output of webmin -v command?

tommack · September 15, 2023, 7:37pm

Failed to open /etc/webmin/miniserv.conf

Sorry forgot to sudo:

2.102

There were def problems with the install.