Password Recovery: busted (again, still?)

I’m closing in on a functioning system. One finishing step is empowering users to set their password. Sadly, the webmin-virtualmin-password-recovery module isn’t working as advertised.

  1. GOOD: The pw reset link IS there in usermin
    https://my.dom.ain:20000 shows a login form with a “Forgot your usermin password?” link…

  2. MIXED: the link is to
    https://my.dom.ain:20000/virtualmin-password-recovery/usermin.cgi … with an attribute of
    onclick="javascript:event.target.port=10000"

  3. MIXED: The result of this is to go into virtualmin/webmin – which has a separate login environment.
    a) If I am NOT logged in to virtualmin, I get Another (webmin) login form, and Yet Another forgot-pw link
    b) (Minor) If I’m already logged into virtualmin, it appears as if the forgot-pw link led to the forgot-pw email editor… causing brief confusion for the configuring admin, aka Me :wink: )

  4. BAD, no workaround: No matter what I do, I cannot get to an actual reset-pw form.

I assume this should work such that as long as we/users enter alt-email addresses for each user, then users should be able to provide a login ID, and cause a good PW-reset link to be sent to their alt-email address.

Any hints are most welcome.

SYSTEM INFORMATION
Operating system Debian Linux 10
Webmin version 1.981
Usermin version 1.823
Virtualmin version 6.17-3
Authentic theme version 19.83-2