"Usermin -> Allow forgotten password recovery" not stand-alone?

Is “Allow forgotten password recovery” not meant to work for Usermin if it is not enabled for Webmin too (ie, is it a bug, a feature, or some tweak I’ve made that make that not the case for me)?

If I enable “Allow forgotten password recovery” under Webmin → Usermin Configuration (but not for Webmin, or undo it in Webmin and restart Webmin) and restart Usermin, when I visit :20000 and hit the “Forgot Password?” link the login spins around to the reset and the page stays on :20000, but a password reset request fails.

image356×538 14.9 KB

image358×459 14.1 KB

image605×522 30 KB

If I enable “Allow forgotten password recovery” on Webmin too (and restart Webmin) and click "Forgot Password? " it requests the certificate be exempted again (no certificate on this since it’s just a test) but that is because the url that is is visiting has changed to :10000

image319×422 8.72 KB

Twirling around works fine then and the password reset works (with “Go Back” going back to :20000):

image535×552 32.8 KB

image541×549 20.5 KB

Also please remind me if there’s any way to alter the text on the password reset dialogue? These accounts are specifically fully qualified email addresses and using just “ron” does not assume “@testdomain15.com” from the url.

image528×551 23 KB

Ideally I would change “Username” to be “Email address” here:

image326×328 10.8 KB

Also, I would probably be inclined to change the “If your account has a recovery email set…” text as well as that is technically untrue. This password reset mechanism (awesomely) assumes that if you do not have an account recovery email set that it should just email the link to the account that you are resetting (as often people who don’t know their password still have working email on their old computer/phone, etc…)

I realize too that my (proposed) setup is highly specific and not something you would actively support, but appears that that “Go Back” button is not a legitimate “Go Back” button but a “twirler”. I have shimmed in a “Forgot Password” popup if you fail web login to Roundcube which directs you straight to the :20000 (slickly the :20000 automatically shows the little twirl-around automation on the way in):

image701×741 25.6 KB

“Go Back” swirls it back around to the Usermin :20000 login, it does not go back to the page from whence you came. (Just sending that back to :80 or :443 would be the option I’d be after if not back to the original link’s location as users may find themselves confused in an unfamiliar :20000 interface).

Ron