Passwords accepting only 8 characters

Discussion in 'Security' started by Dream_Th, Aug 11, 2010.

  1. Dream_Th

    Dream_Th Member

    Joined:
    May 12, 2004
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    151
    Hi,

    I recently discovered that on my server, no matter how long the password you set is, you need only 8 characters to log in.
    Let's say I have set the password for root to 1234567890123456: in order to log in to either WHM or SSH you need to enter only 12345678 !!!

    I can't find anything to fix this so it will accept longer passwords, can anyone help me?

    Thank you
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,443
    Likes Received:
    416
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I can't repeat this here. What version of cPanel is your server running?
     
  3. Dream_Th

    Dream_Th Member

    I apologize for not including that info

    cPanel 11.25.0-R46156 - WHM 11.25.0 - X 3.9
    CENTOS 5.5 x86_64 standard
     
  4. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,554
    Likes Received:
    9
    Trophy Points:
    168
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Via root SSH access, please provide the output from the following command:
    Code:
    # grep -HnR "^password.*sufficient" /etc/pam.d
    There may be an entry that is missing one of either "md5" or "sha512".
     
  5. Dream_Th

    Dream_Th Member

    This is the result of: grep -HnR "^password.*sufficient" /etc/pam.d

    Code:
    /etc/pam.d/system-auth:15:password    sufficient    pam_unix.so shadow nullok try_first_pass use_authtok
    /etc/pam.d/system-auth-ac:15:password    sufficient    pam_unix.so shadow nullok try_first_pass use_authtok
     
  6. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    For RHEL/CentOS 5 I believe the entry should contain "sha512".
    For RHEL/CentOS 4 I believe the entry should contain "md5".

    For comparison, here is what I see on two systems that do not exhibit the reported symptom:
    Code:
    # grep -H '' /etc/redhat-release /var/cpanel/envtype && grep -HnR "^password.*sufficient" /etc/pam.d
    /etc/redhat-release:CentOS release 5.5 (Final)
    /var/cpanel/envtype:standard
    /etc/pam.d/system-auth:15:password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
    /etc/pam.d/system-auth-ac:15:password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
    
    # grep -H '' /etc/redhat-release /var/cpanel/envtype && grep -HnR "^password.*sufficient" /etc/pam.d
    /etc/redhat-release:CentOS release 4.8 (Final)
    /var/cpanel/envtype:standard
    /etc/pam.d/system-auth:14:password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
    In contrast, here is a test system that I found does exhibit the reported symptom:
    Code:
    # grep -H '' /etc/redhat-release /var/cpanel/envtype && grep -HnR "^password.*sufficient" /etc/pam.d
    /etc/redhat-release:CentOS release 5.5 (Final)
    /var/cpanel/envtype:virtuozzo
    /etc/pam.d/system-auth:12:password    sufficient    pam_unix.so try_first_pass use_authtok nullok
     
  7. Dream_Th

    Dream_Th Member

    I have made changes to PAM config and here is the output:

    Code:
    grep -H '' /etc/redhat-release /var/cpanel/envtype && grep -HnR "^password.*sufficient" /etc/pam.d
    /etc/redhat-release:CentOS release 5.5 (Final)
    /var/cpanel/envtype:standard
    /etc/pam.d/system-auth:14:password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
    /etc/pam.d/system-auth-ac:14:password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
    
    
    But I'm still encountering the issue; I have even rebooted the server just in case that was required to pick up the changes.

    I used command to include the sha512
    What am I missing here?

    Thank you
     
  8. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Please try resetting the password of the affected user, then re-test to check for the symptom.
     
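Added example, not part of the thread and not cPanel code: a shell audit for the two conditions discussed in posts 4 through 8, a pam_unix password line with no hash option, and accounts whose stored hash is still traditional DES crypt (13 characters, no `$` prefix, only the first 8 password characters are used) because the password has not been set again since the PAM change. The function names and sample files are constructed for illustration, and the list of hash options checked (md5, sha256, sha512, blowfish, bigcrypt) is an assumption.

```shell
# Added example, not from the thread. All sample data is constructed.

# audit_pam FILE: print "<line>:<algo>" for each pam_unix "password" line;
# "des-default" means no hash option is set, as in the output in post 5.
audit_pam() {
    awk '$1 == "password" && /pam_unix\.so/ {
        algo = "des-default"
        for (i = 3; i <= NF; i++)
            if ($i ~ /^(md5|sha256|sha512|blowfish|bigcrypt)$/) algo = $i
        print NR ":" algo
    }' "$1"
}

# shadow_scheme HASH: classify a shadow password field by its prefix.
shadow_scheme() {
    case "$1" in
        '$1$'*) echo md5 ;;
        '$5$'*) echo sha256 ;;
        '$6$'*) echo sha512 ;;
        '$2'*)  echo blowfish ;;
        ''|'!'*|'*'*) echo locked-or-empty ;;
        *) if [ "${#1}" -eq 13 ]; then echo des; else echo unknown; fi ;;
    esac
}

# audit_shadow FILE: list accounts whose stored hash is still DES crypt.
audit_shadow() {
    while IFS=: read -r user hash rest; do
        if [ "$(shadow_scheme "$hash")" = des ]; then echo "$user"; fi
    done < "$1"
}

# make_samples DIR: write constructed pam.d and shadow files for the demo.
make_samples() {
    printf '%s\n' 'auth        required      pam_env.so' \
        'password    sufficient    pam_unix.so shadow nullok try_first_pass use_authtok' \
        > "$1/system-auth.before"
    printf '%s\n' 'auth        required      pam_env.so' \
        'password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok' \
        > "$1/system-auth.after"
    printf '%s\n' 'root:ab0123456789.:14832:0:99999:7:::' \
        'alice:$6$examplesalt$CONSTRUCTED.PLACEHOLDER:14832:0:99999:7:::' \
        'daemon:*:14832:0:99999:7:::' > "$1/shadow"
}

d=$(mktemp -d) && make_samples "$d"
audit_pam "$d/system-auth.before"   # 2:des-default
audit_pam "$d/system-auth.after"    # 2:sha512
audit_shadow "$d/shadow"            # root
rm -rf "$d"
```

On a real system, run `audit_pam /etc/pam.d/system-auth` and `audit_shadow /etc/shadow` as root; any account the second command lists keeps its 8-character limit until its password is set again.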
  9. Dream_Th

    Dream_Th Member

    I have changed the password countless times, BUT I did it through WHM to change the root password. Now I changed the pwd through SSH and it works fine. I tried again to change the pwd from WHM and still only 8 chars are needed :confused:

    Is there a configuration that I have to make to cPanel also?
     
  10. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Instead of SHA512, please try setting MD5, followed by resetting the password via WHM:
    Code:
    # authconfig --passalgo=md5 --kickstart
     
  11. Dream_Th

    Dream_Th Member

    Thank you cPanelDon, MD5 works perfectly :)

    Thank you all for the support.
     