cPanel & WHM Version 98 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!
This object is in archive! 

Password changes for individual email account users.

4u123 shared this idea 9 years ago
Open Discussion

There needs to be a different way for users to change their email account passwords.


Many of our customers are small businesses with 5 or more email accounts. With cPanel, the email account passwords can be changed only by the cpanel admin user, which means that he/she will know each users individual password. Each user must contact that person each time they want to change their password. This is not appropriate.


I propose two changes....


1. The cpanel user can "lock" an email account password from the "email Accounts" area in cpanel - so that it can only be changed from that point forward by the individual account user. If the email account password is locked, only the server admin can unlock it, to allow the cpanel user access to change the password again. If the account password is unlocked, the cpanel user can change it at any time.


2. When the email account password is locked, the email user must login to webmail where, in addition to the available webmail apps, they will have a new option to change their email password.


This way, the agreement for the email user to manage their own password is between them and the cpanel admin user and it is optional if they require this extra level of security.

Replies (4)

photo
1

Email users can already change their email password using our webmail interface (ports 2095 and 2096).

photo
1

Kenneth Power wrote:

Email users can already change their email password using our webmail interface (ports 2095 and 2096).
True, unless they are using autoload to bypass the webmail choice interface(almost all of the customers we have that use webmail do). And only if they're not using a 3rd party webmail interface like many of our customers do.


It may be prudent to move the Change Password link to the webmail login screen. Obviously they would still need to authenticate, but it would remove the issue with not even seeing the option with autoload enabled.

photo
1

I notice when I want to change my password for the cPanel it asks me for my old password, yet if someone compromises my account once they are in they can change my email passwords at will, it would be safer to have the same level of password security as when changing cPanel password by asking for the old password when changing the email password.

photo
1

The webmail autoload feature has a five second delay before loading the webmail client. That should be long enough for people to cancel it in order to change their password.


If by third party webmail interface one means a different theme for webmail (as opposed to a webmail application like @mail), then the third party theme needs to implement a change password feature. We provide an API call for doing just that (http://documentation.cpanel.net/display/SDK/cPanel+API+2+-+Email#cPanelAPI2-Email-Email::passwdpop).


We provide a 'Forgot Password' feature, which you could enable, that gives a link on the login form. This can be used to change the password.


The lack of requiring the existing password when changing the password via webmail is certainly an unfortunate oversight. We'll get that fixed.

Leave a Comment
 
Attach a file