This chapter is a short detour away from Webmin to cover a closely related tool called Usermin. The two tools have a lot in common, and are often used together to provide a multi-tiered GUI for users and administrators. The commonalities begin with the fact that both were written and are maintained by Jamie Cameron. They share much of the same codebase, and the operation of Usermin closely parallels that of Webmin. The differences begin with the intention of each. Webmin is primarily for system administrators, and it provides unlimited power to the logged in administrator unless permissions are explicitly restricted. Usermin, on the other hand, is primarily for system users, and the powers of a logged in Usermin user are by default limited to only the permissions of a normal user. Specifically, Usermin provides access to a web-based mail client, a Java file manager applet, SSH configuration and client modules, GnuPG encryption and decryption, mail forwarding, changing passwords, cron jobs, and a simplified web-based command shell.
Usermin prefers to use the PAM authentication mechanism used by most Linux distributions and Solaris. Unfortunately, PAM is not well supported on many Unix variants, or even all Linux versions. For this reason, Usermin will attempt to fall back to directly using the shadow password file if PAM cannot be used for some reason.
PAM is an acronym for Pluggable Authentication Modules. It allows easier integration of a variety of authentication technologies without requiring all authenticating software to be modified to support each authentication type. Modules are available for a vast array of authentication methods, including LDAP, Kerberos, RSA, and Unix passwd and shadow files. It is widely deployed on most major Linux distributions, Solaris versions 2.6 and above, and is available as packages or in source form for FreeBSD and HP-UX.
Because the Usermin modules are so closely related to the modules in Webmin, it would be pointless to cover them in detail here. What the chapter will cover is the Usermin Configuration module in Webmin, document the modules that do diverge from similar Webmin modules or simply do not exist in Webmin, and provide some discussions about using Webmin and Usermin in real environments with examples to help make the best use of them. Compared to Webmin, Usermin is severely limited, but it is just those limitations that make it ideal for a certain class of problem and so those will be the problems that will be discussed along with how Usermin can help solve them. Before we can use Usermin, it will have to be installed. Unlike Webmin, at the time of this writing no major Linux distribution or Unix vendor is including Usermin in its standard installation or offering it as an optional package. This will certainly change in time, and OS vendors may be installing it by the time you read this. Check with your vendor for packages, or simply download it from the Webmin website.