Passwords accepting only 8 characters

[Dream_Th]

Hi,

I recently discovered that on my server no matter how long is the password you set, you only need only 8 characters to login.
Let's say i have set password for root: 1234567890123456 in order to login either in WHM or SSH you need to enter only 12345678 !!!

I can't find anything to fix this so it will accept longer passwords, can anyone help me?

Thank you

 

[Infopro]

I can't repeat this here, what version of cPanel is your server running?

 

[Dream_Th]

I apologize for not including that info

cPanel 11.25.0-R46156 - WHM 11.25.0 - X 3.9
CENTOS 5.5 x86_64 standard

 

[cPanelDon]

Hi,

I recently discovered that on my server no matter how long is the password you set, you only need only 8 characters to login.
Let's say i have set password for root: 1234567890123456 in order to login either in WHM or SSH you need to enter only 12345678 !!!

I can't find anything to fix this so it will accept longer passwords, can anyone help me?

Thank you

I apologize for not including that info

cPanel 11.25.0-R46156 - WHM 11.25.0 - X 3.9
CENTOS 5.5 x86_64 standard

Via root SSH access, please provide the output from the following command:

# grep -HnR "^password.*sufficient" /etc/pam.d

There may be an entry that is missing one of either "md5" or "sha512".

 

[Dream_Th]

This is the result of: grep -HnR "^password.*sufficient" /etc/pam.d

/etc/pam.d/system-auth:15:password    sufficient    pam_unix.so shadow nullok try_first_pass use_authtok
/etc/pam.d/system-auth-ac:15:password    sufficient    pam_unix.so shadow nullok try_first_pass use_authtok

 

[cPanelDon]

Via root SSH access, please provide the output from the following command:

# grep -HnR "^password.*sufficient" /etc/pam.d

There may be an entry that is missing one of either "md5" or "sha512".

This is the result of: grep -HnR "^password.*sufficient" /etc/pam.d

/etc/pam.d/system-auth:15:password    sufficient    pam_unix.so shadow nullok try_first_pass use_authtok
/etc/pam.d/system-auth-ac:15:password    sufficient    pam_unix.so shadow nullok try_first_pass use_authtok

For RHEL/CentOS 5 I believe the entry should contain "sha512".
For RHEL/CentOS 4 I believe the entry should contain "md5".

For comparison, here is what I see on two systems that do not exhibit the reported symptom:

# grep -H '' /etc/redhat-release /var/cpanel/envtype && grep -HnR "^password.*sufficient" /etc/pam.d
/etc/redhat-release:CentOS release 5.5 (Final)
/var/cpanel/envtype:standard
/etc/pam.d/system-auth:15:password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
/etc/pam.d/system-auth-ac:15:password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok

# grep -H '' /etc/redhat-release /var/cpanel/envtype && grep -HnR "^password.*sufficient" /etc/pam.d
/etc/redhat-release:CentOS release 4.8 (Final)
/var/cpanel/envtype:standard
/etc/pam.d/system-auth:14:password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow

In contrast, here is a test system that I found does exhibit the reported symptom:

# grep -H '' /etc/redhat-release /var/cpanel/envtype && grep -HnR "^password.*sufficient" /etc/pam.d
/etc/redhat-release:CentOS release 5.5 (Final)
/var/cpanel/envtype:virtuozzo
/etc/pam.d/system-auth:12:password    sufficient    pam_unix.so try_first_pass use_authtok nullok

 

[Dream_Th]

I have made changes to PAM config and here is the output:

 grep -H '' /etc/redhat-release /var/cpanel/envtype && grep -HnR "^                               password.*sufficient" /etc/pam.d
/etc/redhat-release:CentOS release 5.5 (Final)
/var/cpanel/envtype:standard
/etc/pam.d/system-auth:14:password    sufficient    pam_unix.so sha512 shadow nu                               llok try_first_pass use_authtok
/etc/pam.d/system-auth-ac:14:password    sufficient    pam_unix.so sha512 shadow                                nullok try_first_pass use_authtok

But i'm still encountering the issue, i have even rebooted the server just in case it required to get the changes.

I used command to include the sha512

authconfig --passalgo=sha512 --update

What i'm missing here?

Thank you

 

[cPanelDon]

I have made changes to PAM config and here is the output:

grep -H '' /etc/redhat-release /var/cpanel/envtype && grep -HnR "^                               password.*sufficient" /etc/pam.d
/etc/redhat-release:CentOS release 5.5 (Final)
/var/cpanel/envtype:standard
/etc/pam.d/system-auth:14:password    sufficient    pam_unix.so sha512 shadow nu                               llok try_first_pass use_authtok
/etc/pam.d/system-auth-ac:14:password    sufficient    pam_unix.so sha512 shadow                                nullok try_first_pass use_authtok

But i'm still encountering the issue, i have even rebooted the server just in case it required to get the changes.

I used command to include the sha512

What i'm missing here?

Thank you

Please try resetting the password of the affected user, then re-test to check for the symptom.

 

[Dream_Th]

I have changed the password countless time BUT i did it through WHM to change the root password, now i changed the pwd through ssh and it works fine. I tried again to change the pwd from WHM still only 8 chars needed

Is there a configuration that i have to made to cpanel also?

 

[cPanelDon]

I have changed the password countless time BUT i did it through WHM to change the root password, now i changed the pwd through ssh and it works fine. I tried again to change the pwd from WHM still only 8 chars needed

Is there a configuration that i have to made to cpanel also?

Instead of SHA512, please try setting MD5, followed by resetting the password via WHM:

# authconfig --passalgo=md5 --kickstart

 

[Dream_Th]

Thank you cPanelDon, MD5 works perfect

Thank you all for support.