Password timeouts and expiry - Need these options clarifying

OS type and version Ubuntu Linux 22.04.4
Webmin version 2.111
Usermin version 2.010
Virtualmin version 7.10.0
Theme version 21.10
Package updates All installed packages are up to date

On the page Webmin --> Webmin configuration --> Authentication there are some options with no tool tips so I cannot fully figure out how they work:

  • Password timeouts

    • where is the timer set for how long before a password is timed out?
    • is this in reguards to sessions?
    • does this option control all options on this page?
      • if so, should this be renamed Authentication Control or something better as this page controls more than passwords?
  • Password expiry policy

    • Where do you expire the passwords?
    • Where is the option to specify how old a password is before it gets expired?

Block hosts with more than 5 failed logins for 60 seconds.

  • does this mean IP addresses?

Any help explaining these would be appreciated.


Thanks for the heads up!

No, I think Authentication is best. Besides, it has been used for decades.


@Jamie, can you comment on this?

This is a native Linux feature. Check the System ⇾ Users and Groups module.

I did look in this module earlier but there was nothing relevant. the closet I found was

no mention of password expiry.

and obviously password restrictions is not the right thing

edit a user you will see a expiry, but I thought a webmin user where different type of user.

there this as well

1 Like

thanks @Ilia the information is very helpful.

Thanks @stefan1959 I will update my notes.

What do you mean by password timed out though? Do you mean how long till the user is forced to change it?

The relevant section is

Webmin --> Webmin configuration --> Authentication --> Password timeouts


  • i do not know what this option does
  • it implies there are password timers that you can set somewhere
  • there is not tooltip
  • I am a windows guy
  • Proposed solution: Add a tooltip and make sure the option name fits its function
    • if this controls all the options on this page, rename it to something like Authentication Control

also stuck on whast this does

Webmin --> Webmin configuration --> Authentication --> Failed login blocks --> Block hosts


  • does this mean IP addresses?
  • does this mean rDNS?
  • or referrer header?
  • or both?

did you read the arrowed text ?

host will = host … a host has an IP address

I’ll add a tooltip with details on what password timeouts mean, but basically when this is enabled there will be an increasing delay between failed login attempts.

As for the “block hosts” option, it means client IP addresses. I’ll update the text to make this clearer.

1 Like

and if possible, where the timeout values(s) come from

There’s no way to configured the password timeout delays … they are fixed in Webmin

1 Like

i will add this to my notes. thanks

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.