In Progress [CPANEL-25141] Force password change for users?

Sarako

Member
Jun 6, 2017
6
1
3
Greece
cPanel Access Level
Root Administrator
Hi all,

At some point I had enabled the feature that will force cPanel users to change their passwords after 6 months.

Now I cannot find where this feature is located, as I want to disable it - well, at least temporarily.

Also, when I restore this feature, is it possible to apply it only for the main cPanel account user and not for the emails?

And certainly, the root user shouldn't be asked to reset the password - or at least there should be a way to skip this. Is there a way to not force root to reset email accounts' passwords?
 

Sarako

OK - after creating the thread and adding the title, I finally got similar threads that showed where this option is located: Password Age in Security Policies. Whatever search I did before posting, I was getting irrelevant results.

However, I am still interested in the last 2 questions:
Selectively forcing password age only for the cPanel account user - and not enforcing it on the root user.
 

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,266
1,301
363
Houston
Hello @Sarako

I think the answer for both the remaining questions can be found in our documentation:
> Also, when I restore this feature, is it possible to apply it only for the main cPanel account user and not for the emails?
> And certainly, the root user shouldn't be asked to reset the password - or at least there should be a way to skip this. Is there a way to not force root to reset email accounts' passwords?

Force Password Change - Version 78 Documentation - cPanel Documentation

  1. It's only changing passwords for cPanel account (not subaccounts such as email accounts)
  2. It does not force a root password change
Thanks!
 

Sarako

Hi,

Thanks for the response.
However - when the Password Age in Security Policies is enabled - it also asks to update the passwords for email accounts.

Regarding the root user - what I meant is when I am logged in as user and navigating through various cPanel accounts, if the above security policy is enabled and I try to go to the webmail, it will ask me to update the password for that email account if the password age is "expired".

So the case is like this:
- Why is it forcing an update of email account passwords?
- Why does it ask the root user to update the email accounts of cPanel when navigating to individual webmail accounts?
 

cPanelLauren

Hi @Sarako

That's a good point you're making. I was able to replicate this by doing the following:

1. I went to WHM>>Security Center>>Configure Security Policies
2. I enabled Password Age and set it to 1 day (to be sure all my passwords would be expired)
3. I was then asked to change the root password (which I updated successfully)
4. I then went to WHM>>Account Information>>List Accounts to access a user account
5. Clicked the cP Icon next to the account I wanted to access to be taken to cPanel and was not asked to change the password
6. Once in cPanel I went to cPanel>>Email>>Email Accounts -> Check email
7. Found that I was unable to go further without changing the Email Account Password.

Because of this, I've reported this as a defect (case CPANEL-25141). I'll update this thread with the outcome as soon as it has an update.

Thanks!
 