SOLVED How can you disable two form authentication via root command?

WebHostPro · Mar 28, 2018

I have a customer that set up two form authentication and forgot the details. How do I disable it from the root command line?

cPanelMichael · Mar 28, 2018

Hello,

You can disable two-factor authentication with the following command:

Code:

whmapi1 twofactorauth_disable_policy

Thank you.

WebHostPro · Mar 28, 2018

Thanks for the quick reply!

WebHostPro · Apr 1, 2018

cPanelMichael said:
Hello,

You can disable two-factor authentication with the following command:

Code:

whmapi1 twofactorauth_disable_policy

Thank you.

Oh actually, I ran that and got:

# whmapi1 twofactorauth_disable_policy
---
metadata:
command: twofactorauth_disable_policy
reason: OK
result: 1
version: 1

Yet, it's still there. Is there more I need to do to disable it?

cPanelMichael · Apr 2, 2018

Hello,

Is this for a specific cPanel account? If so, you can use the following UAPI command to disable it for a specific user:

Code:

uapi --user=username TwoFactorAuth remove_user_configuration

The function is documented at:

UAPI Functions - TwoFactorAuth::remove_user_configuration - Developer Documentation - cPanel Documentation

Thank you.

WebHostPro · Apr 2, 2018

cPanelMichael said:
Hello,

Is this for a specific cPanel account? If so, you can use the following UAPI command to disable it for a specific user:

Code:

uapi --user=username TwoFactorAuth remove_user_configuration

The function is documented at:

UAPI Functions - TwoFactorAuth::remove_user_configuration - Developer Documentation - cPanel Documentation

Thank you.

Oh sorry it's for the WHM. It asks for 4 questions to access that where set by the previous webmaster that our customer used. Now the customer can't get in after letting their webmaster go.

cPanelMichael · Apr 3, 2018

WebHostPro said:
Oh sorry it's for the WHM. It asks for 4 questions to access that where set by the previous webmaster that our customer used. Now the customer can't get in after letting their webmaster go.

Hello,

That's actually the Security Questions feature enabled with the Limit Logins to Verified IP Addresses option in "WHM Home » Security Center » Configure Security Policies". We document how to disable this from the command line at:

Configure Security Policies - Version 70 Documentation - cPanel Documentation

Disable security questions via SSH
To disable security questions via the command line, perform the following steps:

Use SSH to log in to your server as the root user.

Open the /var/cpanel/cpanel.config file in your preferred text editor.

Change the value of the SecurityPolicy::SourceIPCheck option to 0.

Save and exit the file.

Run the /scripts/restartsrv cpanel command to restart cPanel & WHM.

Thank you.

WebHostPro · Apr 3, 2018

That did it! Thanks a million

Thread starter	Similar threads	Forum	Replies	Date
H	hell_exec() has been disabled for security reasons	Security	1	Jan 17, 2023
	Possibilities to disable WordPress FileManager and phpMyAdmin plugins	Security	7	Sep 21, 2022
	disable IP addresses NOT assigned accounts	Security	4	Aug 26, 2022
S	In Progress EA-10889 - mod_security disabled by default? Why?	Security	9	Aug 16, 2022
R	Disable TailWatchd for a specific service	Security	1	Jul 1, 2022

Search

Search

SOLVED How can you disable two form authentication via root command?

WebHostPro

Well-Known Member

cPanelMichael

Administrator

WebHostPro

Well-Known Member

WebHostPro

Well-Known Member

cPanelMichael

Administrator

WebHostPro

Well-Known Member

cPanelMichael

Administrator

WebHostPro

Well-Known Member