Disabling "password is it is based on a dictionary word..."

[chrisjj]

Anyone know how to disable cPanel's "Your password could not be changed because the new password is it is based on a dictionary word, please try again!" bar? Here it is faulty - it rejects words that are not dictionary words. And even rejects a password consisting of a previously acceptable password with a letter added on the end. Dumb.

Thanks.

Chris (cPanel 10.8.2-R119)

 

[randomuser]

I think cPanel is just passing along the output from the `passwd' command, which is the one used when passwords are changed.

$ passwd
Changing password for user randomuser.
Changing password for randomuser
(current) UNIX password: currentpassword
New UNIX password: dictionary
BAD PASSWORD: it is based on a dictionary word
New UNIX password: dictionary
BAD PASSWORD: it is based on a dictionary word
passwd: Authentication token manipulation error

Using a more complex password should resolve this.

 

[chrisjj]

> I think cPanel is just passing along the output from the `passwd' command

No doubt.


> Using a more complex password should resolve this.

Thanks but No, it does not resolve the need to disable the bar.

 

[brianoz]

You shouldn't be disabling the bar, it's there for a reason. The reason is that insecure passwords are easily guessed and leave your system open to compromise.

Would you rather the inconvenience of having to deal with a slightly more complex password or the inconvenience of dealing with cleaning your system up after an intrusion?

 

[chrisjj]

The latter, thanks.

 

[chirpy]

You'll have to put in an enhancement request into bugzilla if you want that to change and ask others to vote on it.

 

[chrisjj]

Actually it seems what I need is a reversion. I find that a password that was allowed until a recent autoupdate. Anyone know where I can find the update log (so to identifiy the original version), and how I can revert to that version?

 

[chirpy]

You cannot downgrade cPanel to a particular version number (well, you can with cPanel v10.9 but only to a previous v10.9+ install that you've run with the new feature), only to one of the trees, i.e. STABLE, RELEASE, CURRENT, EDGE.

 

[chirpy]

The cPanel versions don't work that way. There's basically only a single version of cPanel and the different trees are place markers along the way, that cPanel decide. So whatever the version of STABLE will have all changes up to that version number. The changelog is all the public information there is about the different versions. You'd have to contact cPanel directly for anything else.

 

[chrisjj]

Thanks. Where do I find the identification of the STABLE and RELEASE builds? http://changelog.cpanel.net/?build=&showall=Linux-x86_64 shows only EDGE and BETA AFAICT.

PS The cPanel UI on this does not fill me with confidence.

"Upgrade [not Update, note] to Latest Version" says

With your current Update Settings [I guess is means Update Config], you will be upgrading to the latest CURRENT (no update) build.

even though the config is set to Never Update rather than Manual...

And what does "CURRENT (no update) build" mean? Just "CURRENT build"?

 

[brianoz]

By the way, even if you could revert, you wouldn't want to lock yourself into an old version just for the sake of a feature -- especially when it's a misfeature that has since been corrected.

Truly, it's going to be smarter to work out how to live with a more secure password. Why can't you do that? Is there some technical reason? If you say more perhaps we could help you with some alternative solutions.