11.32.2 - Security Policy Handling Failed

Serra

Well-Known Member
Oct 27, 2005
272
21
168
Florida
I'm having a couple of issues with 11.32.2 which loaded to my servers last night. (Which I was waiting for to fix an issue, which that issue appears to be fixed).


First, last week I turned on the security policy that says: Security Policy Items: Password Strength and set it to 60. There was a password strength issue that caused concern, unrelated to this.

Today 11.32.2 loaded and now every user with a weak password is being forced to update their password to one that meets the strength requirement. As you can imagine, that's generating a lot of calls! (This comes unexpectedly after a week of no problems)

However, the issue is that one account is getting an error "Security Policy Handling Failed" when they try to go into webmail. Turning off the security policy fixes the issue, but updating the password nor anything else seems to allow this user to access their mail.

Currently, I've had to turn off the security policy to allow this user to access their mail. Anyone else seeing this?
 

Infopro

Well-Known Member
May 20, 2003
17,076
524
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
As you can imagine, that's generating a lot of calls!
The result though is making your server and all its users on it, more secure. Calls I'd be happy to take and go thru.


However, the issue is that one account is getting an error "Security Policy Handling Failed" when they try to go into webmail. Turning off the security policy fixes the issue, but updating the password nor anything else seems to allow this user to access their mail.
You might check your logs to see why they're not getting in.
 

Serra

Well-Known Member
Oct 27, 2005
272
21
168
Florida
I changed my policy handling to upped the security level a tiny bit to make the passwords a bit more secure. Unfortunately, the system hit my own password. NOTE: Passwords are only updated when the user uses webmail. My password is a set of random numbers and letters with caps. The system said it wasn't a level of 50. (Which is insane... but that is another issue).

I found that if the user gets the change password prompt and then decided NOT to change passwords and hits logout. (Like he is the system admin and just doesn't want to bother) The user will get the "Security Policy Handling Failed" message no matter what they do trying to login.

Per above, its the error is in a 'log'... so as helpful as that sounds, its better to restart cPanel which cures the problem.
 

Serra

Well-Known Member
Oct 27, 2005
272
21
168
Florida
Still a problem! Last month I moved to a new server and forgot to set the security level. So yesterday I set it to 60. My password for my personal email only clears the 50 level, so I got the change password screen again. Since I didn't want to do that, I closed the tab and set the security level down to 50.

Of course, then when I tried to login, I got: "Security Policy Handling Failed".

There is NO WAY to get rid of that message that allows the user to login again, short of restarting cPanel.

So, just to be clear. Any user who is presented with a password change screen who doesn't change their password, will be locked out until cPanel is restarted