Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

In Progress [CPANEL-25044] Force password change for users?

Discussion in 'Security' started by Sarako, Dec 21, 2018.

  1. Sarako

    Sarako Member

    Joined:
    Jun 6, 2017
    Messages:
    5
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Greece
    cPanel Access Level:
    Root Administrator
    Hi all,

    at some point I had enabled the feature that will force cpanel users to change their passwords after 6 months.

    Now I can not find where this feature is located, as I want to disable it - well at least temporarily.

    Also, when I will restore back this feature, is it possible to apply it only for main cpanel account user and not for the emails?

    And certainly, root user shouldn't be asked to reset the password - or at least there should be a way to skip this. Is there a way to not forcing the root to reset email accounts passwords?
     
  2. Sarako

    Sarako Member

    Joined:
    Jun 6, 2017
    Messages:
    5
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Greece
    cPanel Access Level:
    Root Administrator
    OK - after creating the thread and added the title - finally I got similar threads that showed where this option is located : Password Age in Security Policies. Whatever search I did before posting I was getting irrelevant results.

    However, I am still interested in the last 2 questions?
    Selectively to force password age only for cPanel account user - and do not enforce it on Root user.
     
  3. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,124
    Likes Received:
    474
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hello @Sarako

    I think the answer for both the remaining questions can be found in our documentation:
    Force Password Change - Version 78 Documentation - cPanel Documentation

    1. It's only changing passwords for cPanel account (not subaccounts such as email accounts)
    2. It does not force a root password change
    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. Sarako

    Sarako Member

    Joined:
    Jun 6, 2017
    Messages:
    5
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Greece
    cPanel Access Level:
    Root Administrator
    Hi,

    thanks for the response.
    However - when the Password Age in security policies is enabled - it also asks to update the passwords for email accounts.

    Regarding the root user - what I meant is when I am logged in as user and navigating through various cPanel accounts, if the above security policy is enabled and I try to go to the webmail, it will ask me to update the password for that email account if the password age is "expired".

    So the case is like this:
    - Why is it forcing to update email accounts passwords?
    - Why it asks the root user to update the email accounts of cPanel when navigating to individual webmail accounts?
     
  5. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,124
    Likes Received:
    474
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Sarako

    That's a good point you're making. I was able to replicate this by doing the following:

    1. I went to WHM>>Security Center>>Configure Security Policies
    2. I enabled Password Age and set it to 1 day (to be sure all my passwords would be expired)
    3. I was then asked to change the root password (which I updated successfully)
    4. I then went to WHM>>Account Information>>List Accounts to access a user account
    5. Clicked the cP Icon next to the account I wanted to access to be taken to cPanel and was not asked to change the password
    6. Once in cPanel I went to cPanel>>Email>>Email Accounts -> Check email
    7. Found that I was unable to go further without changing the Email Account Password.

    Because of this, I've opened an inquiry with our developers to find out if this is the intended behavior CPANEL-25044. I'll update this thread with the outcome as soon as it has an update.

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice