topic Re: trusteding a system without forcing a password in Operating System - HP-UX

trusteding a system without forcing a password

John Carr_2 — Fri, 19 Dec 2003 10:03:04 GMT

I have today trusted a system succesfully using SAM and no users including root was requested to change there password after.

I have trusted another server using SAM both patched the same both same o/s. This time when i tried to test root it tried to force password change.

I ran modprpw -V from an open session and tried again but still it wanted to force change of password.

I have had to untrust this for now and this is all very hard as these are production servers without backup systems ...

any ideas :-( John.

Re: trusteding a system without forcing a password

Helen French — Fri, 19 Dec 2003 10:08:56 GMT

One thing to remember is the passwd length. Is that more than 8 characters in the second system? The default maximum password length on a trusted system is 8. If that's the case, give only your first 8 characters.

Re: trusteding a system without forcing a password

John Carr_2 — Fri, 19 Dec 2003 10:13:28 GMT

Shiju

I already changed all root passwords to 8 characters because of the risk oof this

:-) John.

Re: trusteding a system without forcing a password

RAC_1 — Fri, 19 Dec 2003 10:14:43 GMT

If my memory serves me right modprpw -V updates the last successful login time to that of current time.
After executing modprpw -V, can you check that(spwchg flag)is updated or not? (with getprpw -m spwchg useR_name"

Re: trusteding a system without forcing a password

John Carr_2 — Fri, 19 Dec 2003 10:17:52 GMT

RAC

getprpw only works on trusted systems this one I had to untrust straight away as it would have stopped production so unfortunatly I cant do this.

John.

Re: trusteding a system without forcing a password

Helen French — Fri, 19 Dec 2003 10:22:32 GMT

Did you by any chance, 'null' the password of root from SAM option? If yes, it will ask for the new password on the login time. Also, check the password restriction of root login.

Just some thoughts...

Re: trusteding a system without forcing a password

RAC_1 — Fri, 19 Dec 2003 10:23:25 GMT

How abt a workaround?

Just after you convert to trusted mode, using modprpw to update last successfull login time?

This will avoid password expiry.

But you need to check why modprpw -V is not taking care of that.

My 2 cents.

Re: trusteding a system without forcing a password

John Carr_2 — Fri, 19 Dec 2003 10:26:55 GMT

Shiju

no i definetly did not do that.

RAC

I did run modprpw -V and it made no difference.

John.