The Lost Password Email
DirectAdmin contains a feature to let users reset their passwords, but this feature is disabled by default.
lost_password=0
When enabled, a user can click the "Lost Password?" link on the login page and DirectAdmin will mail them a link to click with a confirmation code, which is sent back to DA when the link is clicked. Then, DirectAdmin sends them a new random password to the same email address. Note that the code link expires automatically after two hours if not clicked.
KnownHost recommends changing this password immediately upon regaining access as it is sent via email and this should be considered insecure. This password should be treated only as a temporary means of access.
With this feature, one can report to the admin when they did not initiate the request via the "report" link, which upon clicking, all admins will be notified of the IP address from which the false attempt originated.
How To Enable via DirectAdmin
Log in as the 'admin' user. Navigate to "Administrator Settings" and click the "Security Settings" tab. Then, click the option "Enable Automatic Lost Password Recovery".
How To Enable via CLI
Log in to SSH as the root user and run the following command:
/usr/local/directadmin/directadmin set lost_password 1 restart
That's all that must be done to enable password resets via CLI! :)
