After taking a vote on the IRC channel, we believe that you messed something up, maybe miss-typed or something.
User names have an 8 character limit, but passwords have no limit (up to 255 characters) from what we believe.
Is this a new account you are creating or did you have an account and then change the password?
User names have an 8 character limit, but passwords have no limit (up to 255 characters) from what we believe.
Is this a new account you are creating or did you have an account and then change the password?
hmmm after carefull testing on our machines and retesting amongst ourselves we seem to have found the following problem:
if I change a password using WHM, and set it to something that's 15 characters long, when I try to login via SSH (it has shell access) it will accept ANYTHING that matches the first 8 characters.
howver, if I use the system &passwd& command to change the password, the password must match exactly, regardless of length.
It would seem there is a feature that's making this happen. It's not normal 'nix behavior at all.
I believe the password portion of cpanel was coded many many years ago, which is probably why there is still some legacy restrictions. I don't think this is a bug, rather an inconvenience.
dumb feature, but a feature nonetheless.
In conclusion, in some cases 8 characters is the password max length
if I change a password using WHM, and set it to something that's 15 characters long, when I try to login via SSH (it has shell access) it will accept ANYTHING that matches the first 8 characters.
howver, if I use the system &passwd& command to change the password, the password must match exactly, regardless of length.
It would seem there is a feature that's making this happen. It's not normal 'nix behavior at all.
I believe the password portion of cpanel was coded many many years ago, which is probably why there is still some legacy restrictions. I don't think this is a bug, rather an inconvenience.
dumb feature, but a feature nonetheless.
In conclusion, in some cases 8 characters is the password max length
FYI - this issue has been addressed
I mentioned this to Nick on IRC yesterday and he confirmed that the 8 character passwords were in place because of a problem with certain RedHat 6.2 machines that would fail to work properly with long passwords. He added a routine to check if the system is RH7+ and if so use more secure passwords.
Passwords set via WHM in RH7.0 or higher should now be set exactly as entered, and daemons will not accept passwords that match only the first 8 characters for those newly set passwords.
- Jason
I mentioned this to Nick on IRC yesterday and he confirmed that the 8 character passwords were in place because of a problem with certain RedHat 6.2 machines that would fail to work properly with long passwords. He added a routine to check if the system is RH7+ and if so use more secure passwords.
Passwords set via WHM in RH7.0 or higher should now be set exactly as entered, and daemons will not accept passwords that match only the first 8 characters for those newly set passwords.
- Jason
sorry to bring this back up to the top...
Ran into a bizarre issue today that seems related -- but the answer (run RH 7 or higher) isn't taking care of this bug.
What happened:
-User created an account password for 'password49'
-User has a MySQL database for an ecommerce store. Instead of creating a separate database user for his store database, he was simply using his account main account login in his php store config.
-Another admin for his site thought the password was 'password43' and used this to login to cpanel (it let him in-- the first 8 characters matched)
-The store immediately started returning 'Access Denied' errors fro the database login.
-Upon entering cpanel and going into the MySQL Admin section, this action immediately corrected the account password on the database.
So it seems, just logining in with the wrong password, when it is over 8 characters, will for some reason, cause cpanel to CHANGE the mySQL account password -- but MySQL admin fixes it. Took 2 hours to figure this out.
And this is on RH 7.2 w/Cpanel 6.0R108
Ran into a bizarre issue today that seems related -- but the answer (run RH 7 or higher) isn't taking care of this bug.
What happened:
-User created an account password for 'password49'
-User has a MySQL database for an ecommerce store. Instead of creating a separate database user for his store database, he was simply using his account main account login in his php store config.
-Another admin for his site thought the password was 'password43' and used this to login to cpanel (it let him in-- the first 8 characters matched)
-The store immediately started returning 'Access Denied' errors fro the database login.
-Upon entering cpanel and going into the MySQL Admin section, this action immediately corrected the account password on the database.
So it seems, just logining in with the wrong password, when it is over 8 characters, will for some reason, cause cpanel to CHANGE the mySQL account password -- but MySQL admin fixes it. Took 2 hours to figure this out.
And this is on RH 7.2 w/Cpanel 6.0R108