topic Re: Account disable in Operating System - HP-UX

Account disable

Riccardo BIgoni — Mon, 25 Oct 2004 03:23:40 GMT

Hi,
I have added a users in a system. If I try to remsh I obtain:
#remsh myhost -l riccardo "uptime"
remshd: Account is disabled.
# remsh myhost -l riccardo
Password:
My cripted password is =rbTDEtXgXwZ6 (riccardo). When change my password and the first character isn't = (equal)
my remsh running correctly !!
Someone know this bug ???
You know if it is documented ?
Thanks

Re: Account disable

Steve Steel — Mon, 25 Oct 2004 03:30:25 GMT

Hi

Do you have the latest patch

example

Patch Name: PHNE_23003

Patch Description: s700_800 11.00 r-commands cumulative patch

Steve Steel

Re: Account disable

eran maor — Mon, 25 Oct 2004 03:56:37 GMT

Hi

This error condition can be reproduced by placing a * in the password
field of the /etc/passwd file. The * (or other non-valid) character
(see passwd(4)) indicates to the calling process that the account has
been administratively locked.

This error can also be seen when using an LDAP Server, via the PAM
module /usr/lib/security/libpam_ldap.1, to provide authentication
for r-cmds.

/etc/pam.conf contains:
rcomds auth required /usr/lib/security/libpam_unix.1
rcomds account required /usr/lib/security/libpam_unix.1
............

In this case, the problem is caused because the LDAP directory server,
by default, will use an asterisk - "*" - in the password field. Thus
remshd(1M) interprets the Account as being disabled.

Re: Account disable

Riccardo BIgoni — Mon, 25 Oct 2004 04:42:11 GMT

Thanks for answer.
In my system is installed the PHNE_2303. This problem exist in 11.00 and 11i system.
I don't use LDAP server for authentication.

Bye

Re: Account disable

Sridhar Bhaskarla — Mon, 25 Oct 2004 04:47:07 GMT

Hi,

Is this a trusted system?. If so, do you have password restrictions on?. Like 'getprdef -m exptm,lftm'?. How are you adding the users?.

I don't believe it has anything to do with 'remsh' command. How about trying 'telnet' to access the login after it's creation?

-Sri

Re: Account disable

Riccardo BIgoni — Mon, 25 Oct 2004 05:03:27 GMT

Hi,
my system isn't Trusted, and haven't any restrictions pwd.
For add usig adduser, but if I a change password for old user whith vi /etc/passwd and this password BEGIN whith equal remsh don't running correctly.
If I using telnet enter in system whithout problem.
I believe that this is a problem of remsh.

Bye

Re: Account disable

Riccardo BIgoni — Mon, 25 Oct 2004 05:30:42 GMT

I FOUND IT !!
In man 4 passwd:

The encrypted password consists of 13 characters chosen from a 64-character set of "digits" described below, Login can be prevented by
entering in the password field a character that is not part of the set of digits (such as *).

The characters used to represent "digits" are . for 0, / for 1, 0 through 9 for 2 through 11, A through Z for 12 through 37, and a through z for 38 through 63.

Probability remsh don't running if a password begin a non valid
character, telnet don't parsing the first character.

Thank for help

Bye