Random-pass for create-domain?

This might be a feature request. I can create-user with --random-pass but no such functionality exists for create-domain unless I am missing it. Is there one that I am missing (or an obvious work-around)?

Thanks

SYSTEM INFORMATION
OS type and version Ubuntu 24.04.1
Virtualmin version 7.20.2

Create for domain? I thought there was only a username and password for the virtual server owner accounts.

Can you tell me where the input box for entering this password is and give a screenshot would help.

That’s what I mean I think… for the domain’s owner account, so:

virtualmin create-domain --domain [domain] --user [domain-owner] --pass ‘[domain-owner-password]’ --web --mail --dns --spam --virus --dir --webmin --unix --quota 31457280 --uquota 31457280

Does not seem to have a --random-pass option for the create-domain’s user. (virtualmin create-user has such an option).

Where would you expect the password to be presented to you?

image

This does not make sense, this is the GUI.

You are creating virtual server using the command line, if the API sets the random password for it, how would you know what it is? Are you expecting to copy the password from the terminal into a text file?

The box above you have shown will not show you the password.

You should be using the option to have all passwords hashed so Virtualmin would never be able to tell you what the password is (ignore the MariaDB password thing for now)

I don’t expect the command line to report the password to me, only to retrieve it from the GUI if I ever needed it on a domain basis, which I do not anticipate. (I would add additional admins for domain owners, with login names they would understand.)

create-user random-pass does not report the password either:

virtualmin create-user --domain rontest.net --user bigron --random-pass --shell /dev/null --quota 3145728
User bigron@rontest.net created successfully

Except in the GUI:

image

I am asking about adding the same function to create-domain’s user.

I think this is during the use of the API to create a domain. (there is no such option) because otherwise how would you or any one ever know what it is?
So no point. because someone needs to know the Admin password when you create with the GUI it is there and created for you (if you want)

I understand what you want. You want to use the API/Command-line to create new virtual servers with a random password but then this password would be able to vie in the GUI when you needed it at some point in the future.

This is very bad and will never happen. Well, I would not want it :smile:

If this screenshot is of a live system your passwords must be stored un-hashed. All new Virtualmin installations all use hashed passwords.

Storing plaintext passwords in a database is bad security because if you get compromised they have everyone’s details.

As above, I would click on it if I wanted to know it:

image

Though I don’t think that not-knowing it would be an issue because I can login the main server user, and the domain owners can be added as extra admins.

This is a new install of Virtualmin. Hashed or plaintext is an option:

This would be for a mail-only server. Mail users are forever forgetting their passwords or requiring support to sort out some issue or other for them. Resetting the password can be a real challenge because the mail account is on their computer and their phone and their tablet, and now you’ve changed it since they don’t remember it and the tablet is now checking it with the wrong/old password and now they are fail2banned from the server, etc… and once that’s all sorted it seems fine for three months till they need the printer to auto-mail something and it’s not working and now they don’t remember the new password… and all they called for was to have some small thing checked.

Not everyone is young or bright or computer savvy. I agree about it being inadvisable security policy, but customer service is a big issue too.

I 100% feel your pain, I have been in IT for a while, users are lazy. the mobile phone that uses IMAP causing IPs to get blocked is a real pain when you change credentials.

I once made it so all a user had to do to back their whole computer up was to plug in an external harddrive and then unplug it when finished. In the whole year they had it before I came back because their hard drive had failed, they had run the backup a total of zero times and they wondered where their stuff was when I was finished :smile:

What I would do is use a password manager such as Bitwarden. Login with the details to webmin or usermin and then this stores the credentials securely which canall be searched.

You can also use a spreadsheet.

Depending where you live storing passwords un-hashed is probably not legal (PCI compliance etc…)

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.