The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

web protection password limit

Discussion in 'Security' started by okanari, Sep 29, 2005.

  1. okanari

    okanari Member

    Joined:
    Sep 5, 2005
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    I have password protected directories and one of this directories have 20 characters long password. But I am writing first 10 characters and I can reach the data.

    How can I increase the password character limit to 30?

    Thank you
     
  2. ghstber

    ghstber Member

    Joined:
    Oct 7, 2005
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    1
    Sorry to bring this issue back up ('05 issue with no answer), but I've had this problem as well. When assigning a password to a web-protect user on one particular server we have, cPanel throws an error saying:

    "The following error(s) occurred: A limit of the max characters in the password field to 8 characters."

    This is only happening on one of many servers, and I didn't find anything searching the forums. Anyone have any information?
     
  3. manokiss

    manokiss Well-Known Member

    Joined:
    Mar 31, 2002
    Messages:
    571
    Likes Received:
    0
    Trophy Points:
    16
    SAme problem here, wondering if someone could confirm if this is a new limit or if is a bug or something else.

    Thank you!
     
  4. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    The password length limitation is caused by the password encryption cpanel is using for the Apache authentication. It's been around forever - it's actually a limitation of the system library call crypt(3).

    Presumably some apache's won't have it, depending on whether the underlying library call has been fixed or not.

    If you are relying on Apache basic auth, you'll need to recompile Apache to get the length extended - using either a different version of the crypt call or some other Apache option.

    You could use longer passwords if you did session based authentication, and I think that could probably be made to look the same way to a user.
     
  5. manokiss

    manokiss Well-Known Member

    Joined:
    Mar 31, 2002
    Messages:
    571
    Likes Received:
    0
    Trophy Points:
    16
    Thank you!
     
Loading...

Share This Page