The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mass password change for all cPanel accounts?

Discussion in 'General Discussion' started by mm1250, Sep 30, 2009.

  1. mm1250

    mm1250 Well-Known Member

    Joined:
    Nov 10, 2006
    Messages:
    108
    Likes Received:
    0
    Trophy Points:
    16
    Hello,

    I have a server with about 200ish cPanel accounts and I need to do a mass password change. Is there an easy way to accomplish this without having to update them 1-by-1?
     
  2. kbuser

    kbuser Well-Known Member

    Joined:
    Aug 25, 2008
    Messages:
    66
    Likes Received:
    2
    Trophy Points:
    8
    I'm not aware of any built in functionality to do this, but you could write a script to do it using the xml-api.

    Are the passwords going to be unique entered on a case by case basis, all the same (bad idea), or something unique but random?
     
  3. kbuser

    kbuser Well-Known Member

    Joined:
    Aug 25, 2008
    Messages:
    66
    Likes Received:
    2
    Trophy Points:
    8
  4. mohit

    mohit Well-Known Member

    Joined:
    Jul 12, 2005
    Messages:
    553
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Sticky On Internet
    with the wide spread of iframe attacks and users keeping stupid passwords i think a feature like password policy which forces users to change their password once a month old would be great.

    This would certainly enhance the security of accounts.
     
  5. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    This functionality is currently being considered for implementation. Internal Case 33582.
     
  6. mohit

    mohit Well-Known Member

    Joined:
    Jul 12, 2005
    Messages:
    553
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Sticky On Internet
    thanks for sharing the info.

    Everytime we get a complaint for iframe injected account its mostly the case of leaked password, either the client used infected system, hates anti-virus thinking it will slow down his computer, or he accessed ftp using a public access (cafe, etc) but never cares to change his password.

    with such a feature it will certainly force users to have better security cause.

    Minimum cpanel password strength would ensure he avoids simple passwords.
    and compulsary change would ensure that if his reseller provided him with password like website123, its changed whenever he's prompted.

    lastly if the feature includes a option in root whm to "force this user to change password on next logon" it will go a extra mile in security.

    Thanks again for the information.
     
  7. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,460
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    It is already possible to specify a minimum password strength for various passwords. Look for the feature WHM's security center.

    cPanel 11.25.1 will have a password aging feature. Once enabled and configured it will force the user to change the password after the day threshold is met.
    [/quote]

    That is not under consideration at this time.
     
  8. DomineauX

    DomineauX Well-Known Member
    PartnerNOC

    Joined:
    Apr 12, 2003
    Messages:
    414
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Just curious..how do you force them?
    Will it warn them that failing to choose a new password will lock the account or something?
     
  9. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,460
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    After successful authentication, and before displaying the cPanel interface, user is presented a Change Password page.

    If user attempts to cancel the password change, he is logged out of cPanel.

    Hence once password age threshold is met or exceeded the user must change his password before being able to access cPanel.

    The interfaces are still in flux, but will inform the user why he is being forced to change his password and why he cannot bypass the request.
     
  10. DomineauX

    DomineauX Well-Known Member
    PartnerNOC

    Joined:
    Apr 12, 2003
    Messages:
    414
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Thanks Kenneth, I was hoping it was something like that.
    Keep them fools from just clicking "cancel" or closing the popup!
     
  11. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,471
    Likes Received:
    199
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Important cPanel/WHM Version Number Designation Change

    Please Note: Important cPanel/WHM Version Number Designation Change

    As of July 28, 2010 the cPanel/WHM version number designations have been officially changed.

    Version 11.25.1 is now designated 11.28 and version 11.25.2 is now designated 11.30.

    These new changes were explained in some detail recently at the July 2010 - Quarterly Road map - Webinar direct from cPanel's PodCast Studio in Houston, Texas with speakers David Grega and Mario Rodriguez.

    An official press release about these changes is forthcoming and can be accessed at this link as soon as it's made available to the Forum Team:
    Important cPanel/WHM Version Number Designation Change (To be updated)

    This post serves to update users who are subscribed to threads (where this message is posted) looking forward to upcoming enhancements in future versions of cPanel.
     
  12. Host4u2

    Host4u2 Well-Known Member

    Joined:
    Mar 24, 2002
    Messages:
    248
    Likes Received:
    0
    Trophy Points:
    16
    When and where in cPanel/WHM, will "Forced Password Change" be available?

    The bank forces you to change password every 90 days before logging in. How hard is it to force a password change for users on a cpanel account, like every 90 days, or whenever the admin decides is a good time to do it?

    I believe this is an important security measure in today's web environment!
     
  13. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    This is currently in version 11.27 which will become version 11.28 when it is production worthy.

    To configure this, go to WHM -> Security Center -> Configure Security Policies. Check the checkbox for Password Age. The default setting for maximum password age is 90 days. That's all you will need to do to force cPanel/WHM users to change their passwords periodically.

    I also recommend enabling the other security policies as well: "Limit logins to verified IP Addresses" and "Password Strength."
     
  14. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,460
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    In addition to the functionality David mentioned, cPanel 11.28 will allow a forced password change. This is provided via the Force Password Change interface in WHM. All users, or only select users, can be forced to change their password at next login.
     
  15. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,471
    Likes Received:
    199
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    This is great news. Set stronger password requirements, and then force all users to set a new password. :)

    Some won't be happy I'll bet, but it'll help security wise for sure.
     
Loading...

Share This Page