Login key to login with a different, more restricted password (SKINS)

Version 1.402


/CMD_LOGIN_KEYS No link will be provided to Users quite yet, as this is a powerful tool, and testing needs to be done first. You can access it by manually typing the above URL. Users can create keys to allow login to their control panel. These keys will act like extra password that are valid on their account. However, the key can be set to only be allowed to run certain commands (similar to commands.allow and commands.deny) The keys can also have an expiry date. They can also be set to have a limited number of executions (eg: 1, 2+, or unlimited) Also added an IP list, so only the specific IPs or Ranges listed are allowed to use that key. The main purpose of this feature is for remote API calls to the account, so that they can much more easily restrict it's use, without giving full access, and without giving the main password. It's important to note, that if you restrict the commands using the allow or deny list, basic login functionality using sessions becomes confusing. For example, if you only all CMD_FILE_MANAGER, this does not include "/", so you must access /CMD_FILE_MANAGER right from the point of login (where you use the login form). The path "/" can't be added. HTM files are also not part of the allowed list (but I may add an exception if the demand is there) Upon key creation, a system message will be delivered to that User, to ensure they know it's been created (in case, for whatever reason, someone managed to create it without them knowing) Their current true password is required for key creation and modification. The api version: CMD_API_LOGIN_KEYS is fully implemented (see the html forms for details) The "Key Name" values are only for your own tracking benefits. They're not used in any fields when logging in. You use your normal DA username, along with the key for the password. Entire feature can be turned on/off with the directadmin.conf option: login_keys=1 where 1 is the internal default (enabled by default) Note that suspending a User will also suspend the login keys (adds the ! character in front of the crypt) ------------ Feb 8th, 2012 - 1.40.3 ** BUG Found ** If you're using the httpd-auth login method (as most APIs do), there is a limit of 40 characters for the keys. If you key value is more than 40 characters (the random button creates 64 character values), then the login will fail. There are fixed binarie in the pre-release section which support the full 64 character length. Session based logins with the keys are not affected by this bug.

Interested to try DirectAdmin? Get a 30-day Free Trial!