The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Password expiration not writing to shadow

Discussion in 'General Discussion' started by AthensMatt, Jun 5, 2015.

  1. AthensMatt

    AthensMatt Member

    Joined:
    Mar 24, 2015
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Athens
    cPanel Access Level:
    Root Administrator
    We have a strict password expiration policy given to us that we must enforce. When looking to confirm that WHM made the changes to password age in the security settings we noticed that the password age in the shadow file is unchanged. We thought this might be due to the user not having changed their password after the password age was set, so we tested this on our cpanel account and again the shadow file remained unchanged.

    1. What file file is WHM writing to when changing the password age?
    2. Does changing the password age also effect those who only ssh or must we make the change in the /etc/shadow file for that?

    Thank you!
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  3. AthensMatt

    AthensMatt Member

    Joined:
    Mar 24, 2015
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Athens
    cPanel Access Level:
    Root Administrator
    Hi Michael,
    Thanks for the help! I did realize that /etc/shadow was utilized for password changes. And for the hosting server it can be used for various other things like changing password age, or the number of days to warn user of an expiring password, or verifying when a password changed.
    Clearly cPanel or WHM is not using shadow, like RHEL does, for this purpose. Only password. So my question is:
    I didn't see anything about this in the link you provided, it seemed more geared towards password strength particularly email passwords.

    I'd like to verify that password age has been changed. AND, if this is this file also used for changing the number of days to warn prior to password expiration, change the warn time?

    Thank you again!

    Matt
     
  4. AthensMatt

    AthensMatt Member

    Joined:
    Mar 24, 2015
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Athens
    cPanel Access Level:
    Root Administrator
    Michael,

    One other question:
    If we were to edit /etc/shadow to set the password age to 90 days so ssh and ftp users would also be restricted to password age policies. If then when the 90 days was reached and the ssh user was notified of password expiration, and then the user does a passwd and changes their password, will that change replicate to all locations it needs to be? I know it will change in /etc/shadow but will it also need to change in other locations for cpanel login to work properly?

    Sorry for all the questions! Trying to get this figured out since about half our users are ssh and sftp only users. Thanks!
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you open a support ticket using the link in my signature so we can take a closer look? It's possible this feature is not functioning as expected if the /etc/shadow file is not updating as expected. You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
Loading...

Share This Page