Force two-step authentication upon login

marcoDigistate · New member · Joined Apr 17, 2026 · Messages: 1

Hi All,

We are trying to solve the following problem that both we and our customers run into:

Due to ISO 27001 requirements, every person who needs admin access to our DirectAdmin setup must have their own account on each server. Each admin is required to configure two-step authentication.

We create these admin accounts via Ansible and can configure most settings, except for two-step authentication, since this must be completed by the admin themselves.

The issue is that the responsibility now lies with the individual admin, and configuring two-step authentication is often ignored or forgotten. Of course, we could address this by creating a procedure and performing regular checks on each admin, but that adds extra work—and I have better things to do than manually checking my colleagues. Furthermore, it is not always clear to users that a two-step authentication option even exists.

As far as I know, there is currently no way to force or prompt the admin (or user) to configure two-step authentication upon login. With Ansible, I can set twostep_auth= to yes in the user.conf, but this breaks things since no key has been configured for the user. Pre-configuring a TOTP key for each admin on every server is insecure, and it would also require storing those keys somewhere else, which is equally undesirable.

It would be great if there were an option like twostep_auth_force= in the directadmin.conf file, with values such as:
0 = Disable
1 = Force setup of two-step authentication upon login
2 = Redirect to two-step setup upon login, but allow skipping

Or is there a way to achieve something like this that I may have overlooked?
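
The regular check on each admin that the post mentions can be scripted instead of done by hand. This is an added example, not part of the original post and not DirectAdmin's own tooling; it assumes the user.conf files sit under /usr/local/directadmin/data/users/<name>/ and mark admin accounts with usertype=admin, and the account names in the sample are constructed.

```shell
#!/bin/sh
# Added example: list DirectAdmin admin accounts whose user.conf does not have
# twostep_auth=yes (the key named in the post).
# Assumptions: per-user config at <users dir>/<name>/user.conf, admins marked
# with usertype=admin. On a server, point the check at the real directory:
#   admins_without_2fa /usr/local/directadmin/data/users

# conf_value FILE KEY -> prints the last value assigned to KEY (empty if absent)
conf_value() {
    awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

# admins_without_2fa DIR -> prints one non-compliant admin name per line, sorted
admins_without_2fa() {
    for conf in "$1"/*/user.conf; do
        if [ ! -f "$conf" ]; then continue; fi
        if [ "$(conf_value "$conf" usertype)" != "admin" ]; then continue; fi
        # A missing key counts as "not enabled", same as twostep_auth=no.
        if [ "$(conf_value "$conf" twostep_auth)" != "yes" ]; then
            basename "$(dirname "$conf")"
        fi
    done | sort
}

# Constructed sample tree (made-up accounts) so the check can be run offline.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/alice" "$d/bob" "$d/carol" "$d/shop1"
    printf 'usertype=admin\ntwostep_auth=yes\n' > "$d/alice/user.conf"
    printf 'usertype=admin\ntwostep_auth=no\n'  > "$d/bob/user.conf"
    printf 'usertype=admin\n'                   > "$d/carol/user.conf"
    printf 'usertype=user\ntwostep_auth=no\n'   > "$d/shop1/user.conf"
    echo "$d"
}

sample=$(make_sample)
echo "Admins without two-step authentication:"
admins_without_2fa "$sample"
rm -rf "$sample"
```

Run from cron or an Ansible task, the output gives a per-server list of admins to chase, which can also be kept as evidence for the periodic check.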
 