The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

what is the max length for the domain password?

Discussion in 'General Discussion' started by thomor25, Feb 11, 2003.

  1. thomor25

    thomor25 Member

    Joined:
    Feb 10, 2003
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    I put in a 26 char password and now it won't let me log in, what is the max lenth for a cpanl password?
     
  2. FijianTribe

    FijianTribe Well-Known Member

    Joined:
    Jan 30, 2003
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    6
    After taking a vote on the IRC channel, we believe that you messed something up, maybe miss-typed or something.

    User names have an 8 character limit, but passwords have no limit (up to 255 characters) from what we believe.

    Is this a new account you are creating or did you have an account and then change the password?
     
  3. FijianTribe

    FijianTribe Well-Known Member

    Joined:
    Jan 30, 2003
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    6
    hmmm after carefull testing on our machines and retesting amongst ourselves we seem to have found the following problem:

    if I change a password using WHM, and set it to something that's 15 characters long, when I try to login via SSH (it has shell access) it will accept ANYTHING that matches the first 8 characters.

    howver, if I use the system &passwd& command to change the password, the password must match exactly, regardless of length.

    It would seem there is a feature that's making this happen. It's not normal 'nix behavior at all.

    I believe the password portion of cpanel was coded many many years ago, which is probably why there is still some legacy restrictions. I don't think this is a bug, rather an inconvenience.

    dumb feature, but a feature nonetheless.

    In conclusion, in some cases 8 characters is the password max length
     
  4. thomor25

    thomor25 Member

    Joined:
    Feb 10, 2003
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    cool I had my guy fix it,
     
  5. ecoutez

    ecoutez Well-Known Member

    Joined:
    May 23, 2002
    Messages:
    152
    Likes Received:
    0
    Trophy Points:
    0
    FYI - this issue has been addressed

    I mentioned this to Nick on IRC yesterday and he confirmed that the 8 character passwords were in place because of a problem with certain RedHat 6.2 machines that would fail to work properly with long passwords. He added a routine to check if the system is RH7+ and if so use more secure passwords.

    Passwords set via WHM in RH7.0 or higher should now be set exactly as entered, and daemons will not accept passwords that match only the first 8 characters for those newly set passwords.

    - Jason
     
  6. myrem

    myrem Well-Known Member

    Joined:
    Jul 14, 2002
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    6
    sorry to bring this back up to the top...

    Ran into a bizarre issue today that seems related -- but the answer (run RH 7 or higher) isn't taking care of this bug.

    What happened:

    -User created an account password for 'password49'

    -User has a MySQL database for an ecommerce store. Instead of creating a separate database user for his store database, he was simply using his account main account login in his php store config.

    -Another admin for his site thought the password was 'password43' and used this to login to cpanel (it let him in-- the first 8 characters matched)

    -The store immediately started returning 'Access Denied' errors fro the database login.

    -Upon entering cpanel and going into the MySQL Admin section, this action immediately corrected the account password on the database.

    So it seems, just logining in with the wrong password, when it is over 8 characters, will for some reason, cause cpanel to CHANGE the mySQL account password -- but MySQL admin fixes it. Took 2 hours to figure this out.

    And this is on RH 7.2 w/Cpanel 6.0R108
     
Loading...

Share This Page