Reduce users' password restrictions?

jspicher

Member
May 19, 2011
5
0
51
Hey there guys, so l'm using xml-api2 to update users' passwords and everything works great, however sometimes l get a response that the password could not be updated because it contains a dictionary word... l get that however l need to figure out a way around this, if one of our clients wants to use test123 as their cpanel password; l need to let them do it. Is there a setting somewhere in WHM that will let me scale these restrictions down a bit?

Thanks for your help!
 

quietFinn

Well-Known Member
Feb 4, 2006
1,660
335
438
Finland
cPanel Access Level
Root Administrator
WHM >> Security Center >> Password Strength Configuration
 

jspicher

Member
May 19, 2011
5
0
51
Thanks quietFinn,
I've updated this setting, and have it set all the way to 0 and the api still responds with:
Your password could not be changed because the new password failed with the following reason : (it is based on a dictionary word), please try again!

When trying to set a cpanel password to test123 ... is there anything else l can do to disable this?
 

quietFinn

Well-Known Member
Feb 4, 2006
1,660
335
438
Finland
cPanel Access Level
Root Administrator
I tested it, in WHM, created an account with password test123, and then changed the password to test12.
Guess the limitation is in the api then...
 

quietFinn

Well-Known Member
Feb 4, 2006
1,660
335
438
Finland
cPanel Access Level
Root Administrator
I tested it, in WHM, created an account with password test123, and then changed the password to test12.
Guess the limitation is in the api then...
I noticed that if I changed the password in command line, I get that error:
BAD PASSWORD: it is based on a dictionary word
but the password was changed anyway.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,245
463
Hello :)

The message is coming from the Linux "passwd" command, rather than cPanel. In specific, it stems from the pam_cracklib module. This module helps to ensure passwords are not vulnerable. You can disable this module your system, however doing so would allow passwords such as "123" to be used.

Thank you.