- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: "Account is disabled - see Account Administrat...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-15-2012 04:48 AM
03-15-2012 04:48 AM
Hi at all,
I have a trusted system hp-ux 11.11. I have created further two super-user accounts;
Last month I disabled remote login using the /etc/securetty (set to "console") and using the "PermitRootLogin no" into sshd_config. After some days I tried to login with my personal account and then switch to root user ( "su -") but i recieve the following error message: "Account is disabled - see Account Administrator".
I recieve the same error message if i try to login using other super-user accounts. Also I unable to use the getprpw command because my personal accoun is not a super-user. So I cannot understand why all super-user account has been disabled.
The only workaround I found is to login using MP console , but after some days I get the same login error.
So the questions are:
a) Can someone help me to understand why account become disabled?
b) Is it possible to prevent disabling of root account?
this is the output of getprpw command for root user.
lftm=-1,
acctexp=-1,
expwarn=-1,
admnum=-1,
timeod=-1,
sloginy=console,
culogin=-1,
uloginy=-1,
umaxlntr=-1,
alock=NO, l
ockout=0000000
thank you for any suggestion
Adriano C.
Solved! Go to Solution.
- Tags:
- getprpw
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-15-2012 12:37 PM
03-15-2012 12:37 PM
SolutionWith most getprpw parameters, "-1" means "use the system default value".
Apparently the default for all users (unless overridden by per-user settings) is to have your passwords expire after some number of days. Since you haven't specified that the root password should not expire, it will expire just like regular users' passwords. As you know, the workaround for the expired root account is to log in from the console - it allows root (only) to log in even if the password is in expired state.
To prevent the password from expiring on a specific account, you must set four password attribute values to zeroes: mintm, exptm, lftm and expwarn. If any one of those four values is non-zero, the account will be considered expirable.
modprpw -m mintm=0,exptm=0,lftm=0,expwarn=0 root
- Tags:
- modprpw
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-16-2012 02:35 AM
03-16-2012 02:35 AM
Re: "Account is disabled - see Account Administrator" "message in a trusted system
You are right about means of value "-1".
Further analysis show me a problem with a specific windows application that was trying to connect to server with user root :-(. After 99 attempt user root was disabled.
thank you for your reply.
AdrianoC.