https://community.hpe.com/t5/operating-system-hp-ux/trusted-systems/m-p/2926164#M110658 when you convert to trusted mode, all passwords get expired. so user will be prompted to entre for new password. To avoid this execute<BR />/usr/lbin/modprpw -V after converting to trusted mode. Thu, 13 Mar 2003 11:39:02 GMT RAC_1 2003-03-13T11:39:02Z https://community.hpe.com/t5/operating-system-hp-ux/trusted-systems/m-p/2926163#M110657 We have recently started converting our HPUX 11.00 systems<BR />to Trusted Systems however on converting the first two systems we found that about 20% of our users when they first logged in were prompted for their old password however when they entered it they were told there was no record of their old password and the connection was terminated. Does anyone know what causes this and how it can be avoided in future conversions. Thu, 13 Mar 2003 11:34:04 GMT https://community.hpe.com/t5/operating-system-hp-ux/trusted-systems/m-p/2926163#M110657 ralph barber 2003-03-13T11:34:04Z https://community.hpe.com/t5/operating-system-hp-ux/trusted-systems/m-p/2926164#M110658 when you convert to trusted mode, all passwords get expired. so user will be prompted to entre for new password. To avoid this execute<BR />/usr/lbin/modprpw -V after converting to trusted mode. Thu, 13 Mar 2003 11:39:02 GMT https://community.hpe.com/t5/operating-system-hp-ux/trusted-systems/m-p/2926164#M110658 RAC_1 2003-03-13T11:39:02Z https://community.hpe.com/t5/operating-system-hp-ux/trusted-systems/m-p/2926165#M110659 Thanks Anil that's handy to know - still curious to know why so many users did not have their old passwords recognised. Thu, 13 Mar 2003 11:45:13 GMT https://community.hpe.com/t5/operating-system-hp-ux/trusted-systems/m-p/2926165#M110659 ralph barber 2003-03-13T11:45:13Z https://community.hpe.com/t5/operating-system-hp-ux/trusted-systems/m-p/2926166#M110660 Here are some more basic trusted system commands:<BR /><BR />authck -p (* verifies the integrity of the protected trusted password file in /tcb *)<BR /><BR />getprpw (* alock = yes then disabled account *)<BR /><BR />modprpw -a alock = NO <USER> (* to unlock disabled account *)</USER> Thu, 13 Mar 2003 11:54:10 GMT https://community.hpe.com/t5/operating-system-hp-ux/trusted-systems/m-p/2926166#M110660 Michael Steele_2 2003-03-13T11:54:10Z https://community.hpe.com/t5/operating-system-hp-ux/trusted-systems/m-p/2926167#M110661 run pwck and grpck befre converting. Also authck after conversion. Thu, 13 Mar 2003 12:05:14 GMT https://community.hpe.com/t5/operating-system-hp-ux/trusted-systems/m-p/2926167#M110661 RAC_1 2003-03-13T12:05:14Z https://community.hpe.com/t5/operating-system-hp-ux/trusted-systems/m-p/2926168#M110662 We did run pwck and grpck before conversions<BR />nothing untoward found Thu, 13 Mar 2003 17:13:13 GMT https://community.hpe.com/t5/operating-system-hp-ux/trusted-systems/m-p/2926168#M110662 ralph barber 2003-03-13T17:13:13Z https://community.hpe.com/t5/operating-system-hp-ux/trusted-systems/m-p/2926169#M110663 Hi Ralph,<BR /><BR />There can be issues with password greater than 8 characters when the system is converted. This may account for your 20% of users having the problem.<BR /><BR />regards,<BR /><BR />Darren. Thu, 13 Mar 2003 17:28:50 GMT https://community.hpe.com/t5/operating-system-hp-ux/trusted-systems/m-p/2926169#M110663 Darren Prior 2003-03-13T17:28:50Z https://community.hpe.com/t5/operating-system-hp-ux/trusted-systems/m-p/2926170#M110664 Thanks that would make sense as I know quite a few of our users were using passwords longer than 8 characters Thu, 13 Mar 2003 17:33:32 GMT https://community.hpe.com/t5/operating-system-hp-ux/trusted-systems/m-p/2926170#M110664 ralph barber 2003-03-13T17:33:32Z https://community.hpe.com/t5/operating-system-hp-ux/trusted-systems/m-p/2926171#M110665 If you haven't been using password aging or your password aging is greater than 60 days, when you go trusted, the default password age is 60 days.<BR /><BR />Any user with a password over 60 days old gets expired.<BR /><BR />Hence the problem.<BR /><BR />As far as there being no record of the old password, that should not happen.<BR /><BR />SEP Thu, 13 Mar 2003 17:37:22 GMT https://community.hpe.com/t5/operating-system-hp-ux/trusted-systems/m-p/2926171#M110665 Steven E. Protter 2003-03-13T17:37:22Z https://community.hpe.com/t5/operating-system-hp-ux/trusted-systems/m-p/2926172#M110666 Re: passwords over 8 chars.<BR /><BR />I believe if they had entered just the first 8 chars of their long password they'd be able to change their password.<BR /><BR />regards,<BR /><BR />Darren. Thu, 13 Mar 2003 17:39:48 GMT https://community.hpe.com/t5/operating-system-hp-ux/trusted-systems/m-p/2926172#M110666 Darren Prior 2003-03-13T17:39:48Z https://community.hpe.com/t5/operating-system-hp-ux/trusted-systems/m-p/2926173#M110667 Stephen<BR />We did have password aging set to 28 days so that wasn't the issue in our case Thu, 13 Mar 2003 17:43:25 GMT https://community.hpe.com/t5/operating-system-hp-ux/trusted-systems/m-p/2926173#M110667 ralph barber 2003-03-13T17:43:25Z