The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Reduce users' password restrictions?

Discussion in 'General Discussion' started by jspicher, Dec 13, 2011.

  1. jspicher

    jspicher Member

    Joined:
    May 19, 2011
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Hey there guys, so l'm using xml-api2 to update users' passwords and everything works great, however sometimes l get a response that the password could not be updated because it contains a dictionary word... l get that however l need to figure out a way around this, if one of our clients wants to use test123 as their cpanel password; l need to let them do it. Is there a setting somewhere in WHM that will let me scale these restrictions down a bit?

    Thanks for your help!
     
  2. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    WHM >> Security Center >> Password Strength Configuration
     
  3. jspicher

    jspicher Member

    Joined:
    May 19, 2011
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Thanks quietFinn,
    I've updated this setting, and have it set all the way to 0 and the api still responds with:
    Your password could not be changed because the new password failed with the following reason : (it is based on a dictionary word), please try again!

    When trying to set a cpanel password to test123 ... is there anything else l can do to disable this?
     
  4. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    I tested it, in WHM, created an account with password test123, and then changed the password to test12.
    Guess the limitation is in the api then...
     
  5. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    I noticed that if I changed the password in command line, I get that error:
    BAD PASSWORD: it is based on a dictionary word
    but the password was changed anyway.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    The message is coming from the Linux "passwd" command, rather than cPanel. In specific, it stems from the pam_cracklib module. This module helps to ensure passwords are not vulnerable. You can disable this module your system, however doing so would allow passwords such as "123" to be used.

    Thank you.
     

Share This Page