Directadmin 1.40.2 - Release Candidate 1

[DirectAdmin Support]

Directadmin 1.40.2 - Release Candidate 1
Hello,

DirectAdmin 1.40.2 release candidate 1 is now ready for testing.
There are many new features and fixes in this release.

The full list of changes can be found here:
http://www.directadmin.com/versions.php?version=1.402000

1. Login Keys to allow logins with multiple restricted passwords.
2. Option to let suspended domains allow emails to arrive
3. Security: Improved referer check

Plus many others minor changes. See the full list for more info.

To install this release candidate now, use this guide:
http://help.directadmin.com/item.php?id=408

John

 

[abolfazl201358]

Hello
1.40.3 eternity to eternity, but it was not you have mentioned?

 

[DirectAdmin Support]

It's mentioned here, in the DirectAdmin versions updates section:
http://www.directadmin.com/forum/showthread.php?t=42786

John

 

[ditto]

I am confused about login keys, here http://www.directadmin.com/features.php?id=1298 it say this:

/CMD_LOGIN_KEYS

No link will be provided to Users quite yet, as this is a powerful tool, and testing needs to be done first.
You can access it by manually typing the above URL.

However when I log in DirectAdmin as a regular user, and paste /CMD_LOGIN_KEYS in browsers address bar, I am allowed to gerarate login keys. Is that meant to be like that? I understood it soo that this feature would only be available to admin account and not regular user accounts?

Maybe I should deactivate it until later then ...

 

[DirectAdmin Support]

That's how it's intended. It's allowed for Users to run, but they just won't stumble across it unless they know what they're looking for.
It can be de-activated if you don't wish Users to use it.

John

 

[ditto]

Thank you for clearification. However I sell webhotel as a shared hosting company, and I don't see any reason that my regular end user customers would need to use login keys and the api system. However it would be nice for me as a company to use login keys in WHMCS to increase the security not having to add the passwords there.

So, maybe a feature request: Would you consider adding a option in directadmin.conf to let us disable login keys for regular user accounts, but keep it activated for the main admin user?

I don't see how this will be useefull for my customers, and don't want them to stumble across it, and then have to answer on support queston about this.

 

[DirectAdmin Support]

Hello,

Sure, I'll add an option for Admin's only to the versions system.

For now, the commands.deny can be used for any Users who don't need it.

John