
Passwords accepting only 8 characters

Discussion in 'Security' started by Dream_Th, Aug 11, 2010.

  1. Dream_Th

    Dream_Th Member

    Hi,

    I recently discovered that on my server, no matter how long the password you set is, you need only 8 characters to log in.
    Let's say I have set the password for root to 1234567890123456: in order to log in to either WHM or SSH, you need to enter only 12345678 !!!

    I can't find anything to fix this so it will accept longer passwords. Can anyone help me?

    Thank you
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    I can't repeat this here. What version of cPanel is your server running?
     
  3. Dream_Th

    Dream_Th Member

    I apologize for not including that info

    cPanel 11.25.0-R46156 - WHM 11.25.0 - X 3.9
    CENTOS 5.5 x86_64 standard
     
  4. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Via root SSH access, please provide the output from the following command:
    Code:
    # grep -HnR "^password.*sufficient" /etc/pam.d
    There may be an entry that is missing one of either "md5" or "sha512".
     
  5. Dream_Th

    Dream_Th Member

    This is the result of: grep -HnR "^password.*sufficient" /etc/pam.d

    Code:
    /etc/pam.d/system-auth:15:password    sufficient    pam_unix.so shadow nullok try_first_pass use_authtok
    /etc/pam.d/system-auth-ac:15:password    sufficient    pam_unix.so shadow nullok try_first_pass use_authtok
     
  6. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    For RHEL/CentOS 5 I believe the entry should contain "sha512".
    For RHEL/CentOS 4 I believe the entry should contain "md5".

    For comparison, here is what I see on two systems that do not exhibit the reported symptom:
    Code:
    # grep -H '' /etc/redhat-release /var/cpanel/envtype && grep -HnR "^password.*sufficient" /etc/pam.d
    /etc/redhat-release:CentOS release 5.5 (Final)
    /var/cpanel/envtype:standard
    /etc/pam.d/system-auth:15:password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
    /etc/pam.d/system-auth-ac:15:password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
    
    # grep -H '' /etc/redhat-release /var/cpanel/envtype && grep -HnR "^password.*sufficient" /etc/pam.d
    /etc/redhat-release:CentOS release 4.8 (Final)
    /var/cpanel/envtype:standard
    /etc/pam.d/system-auth:14:password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
    In contrast, here is a test system that I found does exhibit the reported symptom:
    Code:
    # grep -H '' /etc/redhat-release /var/cpanel/envtype && grep -HnR "^password.*sufficient" /etc/pam.d
    /etc/redhat-release:CentOS release 5.5 (Final)
    /var/cpanel/envtype:virtuozzo
    /etc/pam.d/system-auth:12:password    sufficient    pam_unix.so try_first_pass use_authtok nullok
     
  7. Dream_Th

    Dream_Th Member

    I have made changes to PAM config and here is the output:

    Code:
    grep -H '' /etc/redhat-release /var/cpanel/envtype && grep -HnR "^password.*sufficient" /etc/pam.d
    /etc/redhat-release:CentOS release 5.5 (Final)
    /var/cpanel/envtype:standard
    /etc/pam.d/system-auth:14:password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
    /etc/pam.d/system-auth-ac:14:password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok

    But I'm still encountering the issue; I have even rebooted the server just in case that was required to pick up the changes.

    I used command to include the sha512
    What am I missing here?

    Thank you
     
  8. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Please try resetting the password of the affected user, then re-test to check for the symptom.
     
  9. Dream_Th

    Dream_Th Member

    I have changed the password countless times, BUT I did it through WHM to change the root password. Now I changed the pwd through SSH and it works fine. I tried again to change the pwd from WHM; still only 8 chars needed :confused:

    Is there a configuration that I have to make to cPanel also?
     
  10. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Instead of SHA512, please try setting MD5, followed by resetting the password via WHM:
    Code:
    # authconfig --passalgo=md5 --kickstart
     
  11. Dream_Th

    Dream_Th Member

    Thank you cPanelDon, MD5 works perfectly :)

    Thank you all for the support.
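
The checks from this thread, as an added example that is not part of any post or of cPanel's own tooling: a shell script that flags pam_unix password lines naming no hash algorithm and classifies shadow entries by hash format. It assumes, as on the CentOS 5 systems discussed here, that pam_unix without an algorithm option falls back to traditional DES crypt (13-character hash, only the first 8 password characters significant); the function names and the shadow entries are constructed for illustration.

```shell
# Added example: flag pam_unix "password" lines with no hash algorithm, and
# show which scheme each shadow(5) entry actually uses.
hash_scheme() {
    case "$1" in
        '$1$'*)          echo md5 ;;
        '$2a$'*|'$2y$'*) echo blowfish ;;
        '$5$'*)          echo sha256 ;;
        '$6$'*)          echo sha512 ;;
        ''|'!'*|'*'*)    echo locked-or-empty ;;
        *)  # Traditional DES crypt: 13 chars of [./0-9A-Za-z], 8 password chars used.
            if [ "${#1}" -eq 13 ] && ! printf '%s' "$1" | grep -q '[^./0-9A-Za-z]'
            then echo des-8char; else echo unknown; fi ;;
    esac
}

# stdin: PAM lines (raw or "grep -HnR" output). Prints pam_unix password
# lines that name no algorithm (assumed here to fall back to DES crypt).
pam_lines_without_algo() {
    grep -E '(^|:)password[[:space:]].*pam_unix\.so' |
        grep -Ev '[[:space:]](md5|bigcrypt|sha256|sha512|blowfish)([[:space:]]|$)' || true
}

# stdin: shadow(5) lines. Prints "user scheme" for each account.
shadow_schemes() {
    while IFS=: read -r user hash _rest; do
        [ -z "$user" ] || echo "$user $(hash_scheme "$hash")"
    done
}

# PAM lines quoted in the thread: affected system, sha512 system, CentOS 4 md5 system.
sample_pam() { cat <<'EOF'
/etc/pam.d/system-auth:15:password    sufficient    pam_unix.so shadow nullok try_first_pass use_authtok
/etc/pam.d/system-auth:15:password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
/etc/pam.d/system-auth:14:password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
EOF
}

# Constructed shadow entries (placeholder strings, not real hashes).
sample_shadow() { cat <<'EOF'
alice:ab0123456789.:14832:0:99999:7:::
bob:$1$CONSTRUC$constructedplaceholder:14832:0:99999:7:::
carol:$6$CONSTRUCTED$constructedplaceholder:14832:0:99999:7:::
dave:!!:14832:0:99999:7:::
EOF
}

sample_pam | pam_lines_without_algo
sample_shadow | shadow_schemes
```

On a live system, pipe `grep -HnR "^password" /etc/pam.d` into `pam_lines_without_algo` and, as root, `/etc/shadow` into `shadow_schemes`. An account that still reports `des-8char` after a password change was hashed by a tool that did not apply the configured algorithm.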
     