The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

copy encrypted cpanel login credentials

Discussion in 'Security' started by craigedmonds, Oct 19, 2013.

  1. craigedmonds

    craigedmonds Well-Known Member

    Joined:
    Oct 29, 2007
    Messages:
    107
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Europe
    cPanel Access Level:
    Root Administrator
    Twitter:
    I am writing a bash script in order to lock down wordpress with htpasswd method.

    The script requires me to write htpasswd compatible credentials to a .htpasswd file. Currently I am putting in the username and a random password which works fine but would be easier for the end user if I could drop their cpanel login details to that file instead so they can enter in their cpanel details when they are prompted to login.

    Is it possible to copy the cpanel login credentials from somewhere for a user and copy the encrypted credentials to the .htpassd file?
     
  2. Sys Admin

    Sys Admin Well-Known Member

    Joined:
    Apr 29, 2007
    Messages:
    67
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    I discourage doing it in this way, It's highly insecure. However, CentOS and Redhat uses MD5 encryption by default. You can double check the file at /etc/login.defs and to do it you can just code the script to extract the entries for that specific user from /etc/shadow and to put it in their own .htpasswd , Again, This is insecure and is a bad and dangerous practice.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    I have moved this thread to the "Security" forum. You should get more input about this topic here. To note, it's likely a better idea to provide the user with credentials that are different than their cPanel username/password.

    Thank you.
     

Share This Page