Operating System - HP-UX
1748205 Members
4479 Online
108759 Solutions
New Discussion

root password recovery for hpux 11.22

 
SOLVED
Go to solution
solaris72
Occasional Contributor

root password recovery for hpux 11.22

I lost  root password  for my unix server running 11iv2 and its a trusted system.  But fortunately i have sudo access to root from my user account.

 

Will the below steps will work to regain my password (i got it through web and it make sense)

 

sudo su -
enter your own password here
#id
you must see user id 0, which means you are root.
#cd /tcb/files/auth/r
#cp root backup_root

useradd -m dummy (or any unused username)
#passwd dummy
give it a password
#cd ../d
#cat dummy
copy the encrypted string on the password line up to the colon sign (do not include the colon)
#cd ../r
#vi root
delete the password string and paste the copied password string in its place, making sure the length of deleted string and pasted string are the same.
#passwd root
give password for user dummy as old password
select a new password and type twice !

 

10 REPLIES 10
Ken Grabowski
Respected Contributor
Solution

Re: root password recovery for hpux 11.22

It's much easier than that. Just edit the /tcb/files/auth/r/root tcb file and change the password line to:

:u_pwd=:\

 

Then login as root and run passwd command to set the new password.

 

You can also use scp to overwrite the old file with a know password file from another server.

solaris72
Occasional Contributor

Re: root password recovery for hpux 11.22

Thanks Ken

 

I recently implemented this in /etc/default/security for auditing.

 

MIN_PASSWORD_LENGTH=8
PASSWORD_HISTORY_DEPTH=24
PASSWORD_MIN_UPPER_CASE_CHARS=1
PASSWORD_MIN_LOWER_CASE_CHARS=1
PASSWORD_MIN_DIGIT_CHARS=1

 

and my old password is less than 8 characters and no special characters etc..  I beleive thats why it quits working?  Will emptying root password allow me to reset as it needs to go through above variables?

Ken Grabowski
Respected Contributor

Re: root password recovery for hpux 11.22

I've had settings like that and never had a problem. But of course taking a copy of the tcb file before you start can never hurt.  Those configuration setting are normally used by the security files (pam) at login and when changing passwords. I've never heard of these settings invalidating an active account. 

solaris72
Occasional Contributor

Re: root password recovery for hpux 11.22

Worked perfectly.

Dennis Handly
Acclaimed Contributor

Re: root password recovery for HP-UX 11.22

>It's much easier than that.

 

Any reason you can't just use /sbin/passwd to change the password?

Does it work with trusted?

Ken Grabowski
Respected Contributor

Re: root password recovery for HP-UX 11.22

Dennis,  passwd requires the prior root password to be known and entered when the system is set to trusted. When the root password is lost you only have this approach if you have SUDO or RBAC setup, or reboot to single user.

Dennis Handly
Acclaimed Contributor

Re: root password recovery for HP-UX 11.22

>passwd requires the prior root password

 

Are you sure this is still true for /sbin/passwd?

Ken Grabowski
Respected Contributor

Re: root password recovery for HP-UX 11.22

I've never seen any difference between /sbin/passwd and /usr/bin/passwd when changing the root password on a trusted system. It has always prompted for "Old password:" from 11iv1 through 11iv3.  Have you tried it and seen a different behavior?

Patrick Wallek
Honored Contributor

Re: root password recovery for HP-UX 11.22

I just ran '/sbin/passwd root' on HP-UX 10.20, 11.0, 11.11, 11.23 and 11.31 and it asked for the old password on all servers.

 

I don't remember ever NOT being prompted for the old password, regardless of the passwd program used.