Passwords accepting only 8 characters

Dream_Th

Member
May 12, 2004
12
0
151
Hi,

I recently discovered that on my server no matter how long is the password you set, you only need only 8 characters to login.
Let's say i have set password for root: 1234567890123456 in order to login either in WHM or SSH you need to enter only 12345678 !!!

I can't find anything to fix this so it will accept longer passwords, can anyone help me?

Thank you
 

Dream_Th

Member
May 12, 2004
12
0
151
I apologize for not including that info

cPanel 11.25.0-R46156 - WHM 11.25.0 - X 3.9
CENTOS 5.5 x86_64 standard
 

cPanelDon

cPanel Quality Assurance Analyst
Staff member
Nov 5, 2008
2,545
12
268
Houston, Texas, U.S.A.
cPanel Access Level
DataCenter Provider
Twitter
Hi,

I recently discovered that on my server no matter how long is the password you set, you only need only 8 characters to login.
Let's say i have set password for root: 1234567890123456 in order to login either in WHM or SSH you need to enter only 12345678 !!!

I can't find anything to fix this so it will accept longer passwords, can anyone help me?

Thank you
I apologize for not including that info

cPanel 11.25.0-R46156 - WHM 11.25.0 - X 3.9
CENTOS 5.5 x86_64 standard
Via root SSH access, please provide the output from the following command:
Code:
# grep -HnR "^password.*sufficient" /etc/pam.d
There may be an entry that is missing one of either "md5" or "sha512".
 

Dream_Th

Member
May 12, 2004
12
0
151
This is the result of: grep -HnR "^password.*sufficient" /etc/pam.d

Code:
/etc/pam.d/system-auth:15:password    sufficient    pam_unix.so shadow nullok try_first_pass use_authtok
/etc/pam.d/system-auth-ac:15:password    sufficient    pam_unix.so shadow nullok try_first_pass use_authtok
 

cPanelDon

cPanel Quality Assurance Analyst
Staff member
Nov 5, 2008
2,545
12
268
Houston, Texas, U.S.A.
cPanel Access Level
DataCenter Provider
Twitter
Via root SSH access, please provide the output from the following command:
Code:
# grep -HnR "^password.*sufficient" /etc/pam.d
There may be an entry that is missing one of either "md5" or "sha512".
This is the result of: grep -HnR "^password.*sufficient" /etc/pam.d

Code:
/etc/pam.d/system-auth:15:password    sufficient    pam_unix.so shadow nullok try_first_pass use_authtok
/etc/pam.d/system-auth-ac:15:password    sufficient    pam_unix.so shadow nullok try_first_pass use_authtok
For RHEL/CentOS 5 I believe the entry should contain "sha512".
For RHEL/CentOS 4 I believe the entry should contain "md5".

For comparison, here is what I see on two systems that do not exhibit the reported symptom:
Code:
# grep -H '' /etc/redhat-release /var/cpanel/envtype && grep -HnR "^password.*sufficient" /etc/pam.d
/etc/redhat-release:CentOS release 5.5 (Final)
/var/cpanel/envtype:standard
/etc/pam.d/system-auth:15:password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
/etc/pam.d/system-auth-ac:15:password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok

# grep -H '' /etc/redhat-release /var/cpanel/envtype && grep -HnR "^password.*sufficient" /etc/pam.d
/etc/redhat-release:CentOS release 4.8 (Final)
/var/cpanel/envtype:standard
/etc/pam.d/system-auth:14:password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
In contrast, here is a test system that I found does exhibit the reported symptom:
Code:
# grep -H '' /etc/redhat-release /var/cpanel/envtype && grep -HnR "^password.*sufficient" /etc/pam.d
/etc/redhat-release:CentOS release 5.5 (Final)
/var/cpanel/envtype:virtuozzo
/etc/pam.d/system-auth:12:password    sufficient    pam_unix.so try_first_pass use_authtok nullok
 

Dream_Th

Member
May 12, 2004
12
0
151
I have made changes to PAM config and here is the output:

Code:
 grep -H '' /etc/redhat-release /var/cpanel/envtype && grep -HnR "^                               password.*sufficient" /etc/pam.d
/etc/redhat-release:CentOS release 5.5 (Final)
/var/cpanel/envtype:standard
/etc/pam.d/system-auth:14:password    sufficient    pam_unix.so sha512 shadow nu                               llok try_first_pass use_authtok
/etc/pam.d/system-auth-ac:14:password    sufficient    pam_unix.so sha512 shadow                                nullok try_first_pass use_authtok
But i'm still encountering the issue, i have even rebooted the server just in case it required to get the changes.

I used command to include the sha512
authconfig --passalgo=sha512 --update
What i'm missing here?

Thank you
 

cPanelDon

cPanel Quality Assurance Analyst
Staff member
Nov 5, 2008
2,545
12
268
Houston, Texas, U.S.A.
cPanel Access Level
DataCenter Provider
Twitter
I have made changes to PAM config and here is the output:

Code:
grep -H '' /etc/redhat-release /var/cpanel/envtype && grep -HnR "^                               password.*sufficient" /etc/pam.d
/etc/redhat-release:CentOS release 5.5 (Final)
/var/cpanel/envtype:standard
/etc/pam.d/system-auth:14:password    sufficient    pam_unix.so sha512 shadow nu                               llok try_first_pass use_authtok
/etc/pam.d/system-auth-ac:14:password    sufficient    pam_unix.so sha512 shadow                                nullok try_first_pass use_authtok
But i'm still encountering the issue, i have even rebooted the server just in case it required to get the changes.

I used command to include the sha512

What i'm missing here?

Thank you
Please try resetting the password of the affected user, then re-test to check for the symptom.
 

Dream_Th

Member
May 12, 2004
12
0
151
I have changed the password countless time BUT i did it through WHM to change the root password, now i changed the pwd through ssh and it works fine. I tried again to change the pwd from WHM still only 8 chars needed :confused:

Is there a configuration that i have to made to cpanel also?
 

cPanelDon

cPanel Quality Assurance Analyst
Staff member
Nov 5, 2008
2,545
12
268
Houston, Texas, U.S.A.
cPanel Access Level
DataCenter Provider
Twitter
I have changed the password countless time BUT i did it through WHM to change the root password, now i changed the pwd through ssh and it works fine. I tried again to change the pwd from WHM still only 8 chars needed :confused:

Is there a configuration that i have to made to cpanel also?
Instead of SHA512, please try setting MD5, followed by resetting the password via WHM:
Code:
# authconfig --passalgo=md5 --kickstart