what is the max length for the domain password?

thomor25

Member
Feb 10, 2003
6
0
151
I put in a 26 char password and now it won't let me log in, what is the max lenth for a cpanl password?
 

FijianTribe

Well-Known Member
Jan 30, 2003
70
0
156
After taking a vote on the IRC channel, we believe that you messed something up, maybe miss-typed or something.

User names have an 8 character limit, but passwords have no limit (up to 255 characters) from what we believe.

Is this a new account you are creating or did you have an account and then change the password?
 

FijianTribe

Well-Known Member
Jan 30, 2003
70
0
156
hmmm after carefull testing on our machines and retesting amongst ourselves we seem to have found the following problem:

if I change a password using WHM, and set it to something that's 15 characters long, when I try to login via SSH (it has shell access) it will accept ANYTHING that matches the first 8 characters.

howver, if I use the system &passwd& command to change the password, the password must match exactly, regardless of length.

It would seem there is a feature that's making this happen. It's not normal 'nix behavior at all.

I believe the password portion of cpanel was coded many many years ago, which is probably why there is still some legacy restrictions. I don't think this is a bug, rather an inconvenience.

dumb feature, but a feature nonetheless.

In conclusion, in some cases 8 characters is the password max length
 

ecoutez

Well-Known Member
May 23, 2002
152
0
316
FYI - this issue has been addressed

I mentioned this to Nick on IRC yesterday and he confirmed that the 8 character passwords were in place because of a problem with certain RedHat 6.2 machines that would fail to work properly with long passwords. He added a routine to check if the system is RH7+ and if so use more secure passwords.

Passwords set via WHM in RH7.0 or higher should now be set exactly as entered, and daemons will not accept passwords that match only the first 8 characters for those newly set passwords.

- Jason
 

myrem

Well-Known Member
Jul 14, 2002
93
0
156
sorry to bring this back up to the top...

Ran into a bizarre issue today that seems related -- but the answer (run RH 7 or higher) isn't taking care of this bug.

What happened:

-User created an account password for 'password49'

-User has a MySQL database for an ecommerce store. Instead of creating a separate database user for his store database, he was simply using his account main account login in his php store config.

-Another admin for his site thought the password was 'password43' and used this to login to cpanel (it let him in-- the first 8 characters matched)

-The store immediately started returning 'Access Denied' errors fro the database login.

-Upon entering cpanel and going into the MySQL Admin section, this action immediately corrected the account password on the database.

So it seems, just logining in with the wrong password, when it is over 8 characters, will for some reason, cause cpanel to CHANGE the mySQL account password -- but MySQL admin fixes it. Took 2 hours to figure this out.

And this is on RH 7.2 w/Cpanel 6.0R108