How to disable two factor authentication in Webmin

Todd picture Todd · Mar 27, 2014 · Viewed 11k times · Source

I have Webmin installed on 5 or 6 servers but a few months back decided to install two-factor authentication for logging into Webmin using Google Authenticator app on my phone.

To my surprise, I lost all my tokens in the Google Authenticator app when I changed phones. This actually happen to me twice. I have rebuilt everything everywhere else but can no longer log into Webmin on this one server.

I tried searching Google to death but no answers. I tried uninstalling Webmin and re-installing using RPM.

After re-installing Webmin it just keeps the same settings which means I still need the Google Auth token which is no longer on my phone.

Any ideas?

Should I try to break the Oauth module I think it needs to work or will this cause me more problems?

Answer

Todd picture Todd · Mar 27, 2014

Fond this here: http://sourceforge.net/p/webadmin/discussion/600155/thread/512d81e9/

Go into this file /etc/webmin/miniserv.conf, delete this line: twofactor_provider=totp

And, in /etc/webmin/miniserv.users, there is this line. root:x:0:::::::0:0:totp:HBL7W4RTG8T6FG8W:

I just deleted the totp so the line read: root:x:0:::::::0:0::HBL7W4RTG8T6FG8W:

Saved the file and restarted webmin: service webmin restart.

I could then log back in with un/pw and generated my QR code.