Disabling "password is it is based on a dictionary word..."

chrisjj

Member
Jul 18, 2006
22
0
151
Anyone know how to disable cPanel's "Your password could not be changed because the new password is it is based on a dictionary word, please try again!" bar? Here it is faulty - it rejects words that are not dictionary words. And even rejects a password consisting of a previously acceptable password with a letter added on the end. Dumb.

Thanks.

Chris (cPanel 10.8.2-R119)
 

randomuser

Well-Known Member
Jun 25, 2005
146
0
166
I think cPanel is just passing along the output from the `passwd' command, which is the one used when passwords are changed.

$ passwd
Changing password for user randomuser.
Changing password for randomuser
(current) UNIX password: currentpassword
New UNIX password: dictionary
BAD PASSWORD: it is based on a dictionary word

New UNIX password: dictionary
BAD PASSWORD: it is based on a dictionary word
passwd: Authentication token manipulation error
Using a more complex password should resolve this.
 

chrisjj

Member
Jul 18, 2006
22
0
151
> I think cPanel is just passing along the output from the `passwd' command

No doubt.


> Using a more complex password should resolve this.

Thanks but No, it does not resolve the need to disable the bar.
 

brianoz

Well-Known Member
Mar 13, 2004
1,146
7
168
Melbourne, Australia
cPanel Access Level
Root Administrator
You shouldn't be disabling the bar, it's there for a reason. The reason is that insecure passwords are easily guessed and leave your system open to compromise.

Would you rather the inconvenience of having to deal with a slightly more complex password or the inconvenience of dealing with cleaning your system up after an intrusion?
 

chrisjj

Member
Jul 18, 2006
22
0
151
Actually it seems what I need is a reversion. I find that a password that was allowed until a recent autoupdate. Anyone know where I can find the update log (so to identifiy the original version), and how I can revert to that version?
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,437
33
473
Go on, have a guess
You cannot downgrade cPanel to a particular version number (well, you can with cPanel v10.9 but only to a previous v10.9+ install that you've run with the new feature), only to one of the trees, i.e. STABLE, RELEASE, CURRENT, EDGE.
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,437
33
473
Go on, have a guess
The cPanel versions don't work that way. There's basically only a single version of cPanel and the different trees are place markers along the way, that cPanel decide. So whatever the version of STABLE will have all changes up to that version number. The changelog is all the public information there is about the different versions. You'd have to contact cPanel directly for anything else.
 

chrisjj

Member
Jul 18, 2006
22
0
151
Thanks. Where do I find the identification of the STABLE and RELEASE builds? http://changelog.cpanel.net/?build=&showall=Linux-x86_64 shows only EDGE and BETA AFAICT.

PS The cPanel UI on this does not fill me with confidence.

"Upgrade [not Update, note] to Latest Version" says

With your current Update Settings [I guess is means Update Config], you will be upgrading to the latest CURRENT (no update) build.

even though the config is set to Never Update rather than Manual...

And what does "CURRENT (no update) build" mean? Just "CURRENT build"?
 

brianoz

Well-Known Member
Mar 13, 2004
1,146
7
168
Melbourne, Australia
cPanel Access Level
Root Administrator
By the way, even if you could revert, you wouldn't want to lock yourself into an old version just for the sake of a feature -- especially when it's a misfeature that has since been corrected.

Truly, it's going to be smarter to work out how to live with a more secure password. Why can't you do that? Is there some technical reason? If you say more perhaps we could help you with some alternative solutions.