Disable WebUI Login

#1

Is there a way to disable the login requirement for the Web-UI? I currently have Mineos sitting behind a webportal that has its own authentication, and it is somewhat inconvenient to have to log in at two layers.

#2

MineOS’s curent setup and webauth do not support single-signon.

MineOS’s WebUI also depends on the systems user management, so it needs to be logged in as a user on the MineOS system (usually the “mc” user).

If a single-single signon system was implemented, and added to the WebUI you could pass on a signon between the systems. As I said, this is in the current version not supportetd as far as I know. It is possible this may be included in the next genertaion of MineOS, but the current generation is for the most part in feature freeze as development (beside debugging).

#3

Thank you for the information. Here is hoping the next generation supports the single sign on use case. Or at least provides a way to disable the authentication for the webui.

#4

You could use a password manager browser extension, such as LastPass. That’s what I do. And for sites like this, where security isn’t a major concern for my use case, I have it automatically fill in the username and password and login for me.

Remember though, ease-of-use is usually a sacrifice for security or vice versa. And rule number one of computer security is that you are only as secure as your location. Think about who has access to your keyboard if you’re not there to guard it.

#5

@jalaud I already have mineos behind a secure login, using docker traefik and organizr. The only issue is that the builtin mineos login adds an unneeded extra layer of login, and a separate place to managed credentials.

#6

Will this stop people from logging into your webui, simply knowing your IP?

How is traefik or organizr keeping your servers safe from manipulation when people know it exists?

Well, at any rate, the user login is kinda essential to the webui for pretty much every other use case, so there isn’t any real clean way of dividing up the two. I’m not seeing any real good way to remove the login without making inadvertent, unexpected changes elsewhere.