The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Password Retrieval options for customers

Discussion in 'General Discussion' started by tonedoggydogg, Dec 16, 2007.

  1. tonedoggydogg

    tonedoggydogg Member

    Joined:
    May 22, 2005
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    As a hosting company, we are accumulating support tickets for simple password reset requests. This is a function that should be automated as it was before.

    Is there a way to automate the password reset/retrieval feature for our hosting customers?

    It used to be in some sort of /resetpass/ folder. This has apparently been removed since more recent cPanel releases.

    Thanks.
     
    #1 tonedoggydogg, Dec 16, 2007
    Last edited: Dec 16, 2007
  2. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    In WHM -> Server Configuration -> Tweak Settings -> System is Allow cPanel users to reset their password via email checked?
     
  3. tonedoggydogg

    tonedoggydogg Member

    Joined:
    May 22, 2005
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Nope

    No it wasn't checked. Thanks for the tip.

    :)
     
  4. aarmstrong

    aarmstrong Member

    Joined:
    Jun 14, 2004
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1

    This is an awesome feature for the host administrator but where is this nifty feature for the lowly email users? Is there a way to allow the email users to reset their passwords? This is where 90% of my tech support requests come from.
     
    #4 aarmstrong, Jan 7, 2008
    Last edited: Jan 7, 2008
  5. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Where would the password be emailed in this scenario? Email accounts aren't created with a backup email address to send such information (unlike a cPanel account).

    Generally individual cPanel hosting account owners should be the ones changing the passwords for their mail accounts, not the Sysadmin/Web Hosting Provider.
     
  6. aarmstrong

    aarmstrong Member

    Joined:
    Jun 14, 2004
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    How about to the email address that wants the password changed. I have used plenty of systems that allow me to reset my password that send me a temporary password or a confirmation link to reset it to a temporary password which is then emailed to me. I prefer the confirmation link since there is the obvious abuse that a non authorized user clicks reset on my email and it resets it and sends me the new one while breaking any automated email fetching I have going.

    In a "perfect world" the host admin would change this but I live in the real world where many host admins could not admin their way out of a paper sack so dealing with the cpanel interface is out of the question. For these accounts which seem to make up a good percentage of my customers it is left up to the provider to deal with these issues.

    I am also very aware that if they don't know their password they cannot check their email but this is not always the case. Many of my clients have the email password saved in their client but want to access webmail and do not know the password thus calling me to reset it.
     
  7. Metro2

    Metro2 Well-Known Member

    Joined:
    May 24, 2006
    Messages:
    376
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    Just out of curiosity - enabling this used to be considered a security issue. Did something change and is it no longer seen as such?
     
  8. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Sending a password in plain text is generally not such a great idea in terms of security. Email should be considered plain text as soon as it traverses to another server or isn't checked using SSL. Hence this is disabled by default. However, many customers desire this functionality and deem this an acceptable risk - hence it is a tweak setting.
     
  9. tuxfan

    tuxfan Member

    Joined:
    Oct 1, 2006
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    between chair and keyboard
    I read lots of links considering this feature as a security risk. But all were pretty old.

    Besides this one risk (sending plain text passwords), is there ANY OTHER risk involved?
     
  10. electric

    electric Well-Known Member

    Joined:
    Nov 5, 2001
    Messages:
    697
    Likes Received:
    1
    Trophy Points:
    18
    When are we going to see the ability to reset a cpanel account password by using the API? I still can't believe such a basic function is not available.
     
  11. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    Actually it just resets the password to something brand new and it only shown in the web interface. The security of the feature has had a significant upgrade in recent versions.
     
  12. Solokron

    Solokron Well-Known Member

    Joined:
    Aug 8, 2003
    Messages:
    849
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Seattle
    cPanel Access Level:
    DataCenter Provider
    Where is that email file located? I am noticing missing images in the header all over and would like to make changes.

    *To clarify, I am referring to the email that is sent. How to change its header contents etc.

    Thank you!

     
    #12 Solokron, Jul 7, 2008
    Last edited: Jul 7, 2008
  13. Solokron

    Solokron Well-Known Member

    Joined:
    Aug 8, 2003
    Messages:
    849
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Seattle
    cPanel Access Level:
    DataCenter Provider
    So it looks like it is coming from the encrypted file @ /usr/local/cpanel/base/resetpass.cgi

    I found it pulls from unprotected/theme/header.html and footer.html

    The problem I am finding with the coding is the SSL Reset Link: links to the domain via https:// which naturally results in an SSL Secure Connection Failed in all the newer browsers. We need an option to switch this to the hostname of the server or disable the https:// link altogether.
     
    #13 Solokron, Jul 7, 2008
    Last edited: Jul 7, 2008
Loading...

Share This Page