System Administration
Showing results for 
Search instead for 
Do you mean 

Can't unlock user (Trusted Mode)

SOLVED
Go to Solution
Frequent Advisor

Can't unlock user (Trusted Mode)

Hi,

 

I'm getting a really weird behaviour in one of our HPUX 11.23 boxes, with Trusted Mode enabled.

 

When I want to unlock a user which has been disabled, it seems the modprpw does nothing:

 

server1@root:>getprpw -l user1
uid=107, bootpw=NO, audid=17, audflg=1, mintm=0, maxpwln=-1, exptm=0, lftm=0, spwchg=Thu Jun 6 11:29:04 2013, upwchg=Thu Jun 6 11:28:52 2013, acctexp=-1, llog=-1, expwarn=0, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Fri Jul 5 10:43:33 2013, ulogint=Fri Jul 5 10:49:36 2013, sloginy=-1, culogin=3, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0001000

 

 

server1@root:>modprpw -k user1

 

server1@root:>getprpw -l user1

uid=107, bootpw=NO, audid=17, audflg=1, mintm=0, maxpwln=-1, exptm=0, lftm=0, spwchg=Thu Jun 6 11:29:04 2013, upwchg=Thu Jun 6 11:28:52 2013, acctexp=-1, llog=-1, expwarn=0, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Fri Jul 5 10:43:33 2013, ulogint=Fri Jul 5 10:49:36 2013, sloginy=-1, culogin=3, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0001000

 

 

What could cause this? Things get ever more weird when I make a su - into the user, since it gets enabled:

 

server1@root:>su - user1

 

server1@user1:>exit
logout

 

server1@root:>getprpw -l user1
uid=107, bootpw=NO, audid=17, audflg=1, mintm=0, maxpwln=-1, exptm=0, lftm=0, spwchg=Thu Jun 6 11:29:04 2013, upwchg=Thu Jun 6 11:28:52 2013, acctexp=-1, llog=-1, expwarn=0, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Fri Jul 5 11:01:36 2013, ulogint=Fri Jul 5 10:56:13 2013, sloginy=-1, culogin=-1, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0000000

 

 

Any hints?

3 REPLIES
Honored Contributor Honored Contributor

Re: Can't unlock user (Trusted Mode)

After you run the 'modprpw' command to reactivate a user, run the command 'echo $?' to see what the return status of the command was.  It should be '0' if it is completing normally.

 

I would also make sure that your 'modprpw' command is correct.

 

Here is info from one of the 11.23 systems I have access to:

 

# whence -v modprpw
modprpw is /usr/lbin/modprpw

# ll /usr/lbin/modprpw
-r-xr-xr-x   1 bin        bin          49152 Sep  3  2003 /usr/lbin/modprpw

# what /usr/lbin/modprpw
/usr/lbin/modprpw:
        $Revision: 92453-07 linker linker crt0.o B.11.16.01 030415 $
         $Revision: B11.23_LR
         Fri Aug 29 21:29:08 PDT 2003 $

 

Trusted Contributor

Re: Can't unlock user (Trusted Mode)

you can editmthe file for that user in the /tcb directory and change the flag that makes it locked
Emil Velez
HP UNIX Certified ATP ASE HPUX
Certified HP Instructor, ATP and ASE Server Solutions
ATP Storage

Master ASE Superdome Solutins



HPE Education Services

Ask me about training on HP-UX, Proliant, ServiceGuard, StoreAll, StoreOnce, StoreServ, StoreEasy and High Availability

internet: Emil.Velez@hpe.com
Linkedin: http://www.linkedin.com/in/emilvelez

Highlighted
Frequent Advisor

Re: Can't unlock user (Trusted Mode)

Thanks to both for your help.

 

Yeah, there was a problem with the binary /usr/lbin/modprpw indeed, it was zero bytes size and the what command on it didn't show any output, it may have got overwritten somehow.