topic root password issue in Operating System - HP-UX

root password issue

siva0123 — Fri, 03 Aug 2007 08:44:08 GMT

Hey gurus,

I've got a very strange problem.

1. I changed the password of root user after doing a su from user x to root . The password was abc@root .

2. After This it doesnt allow me direct login or su to root any normal user except that user x from where i changed the password. ( I am sure direct root login is not disabled and su is not prohibited)

3. Strange thing is when i changed the password again to something like root123 , it started working fine . Direct root login is happening and su from other usres are also happening.

This is quite strange isnt it?

If the @ character in the password is the problem then it should not have allowed a su from only user x.

Any idea what could be the magic behind that.

Thanks,
Siva

Re: root password issue

Juan M Leon — Fri, 03 Aug 2007 08:53:08 GMT

1. I changed the password of root user after doing a su from user x to root . The password was abc@root .

I used the @ sign befor and I never had problems.

2. After This it doesnt allow me direct login or su to root any normal user except that user x from where i changed the password. ( I am sure direct root login is not disabled and su is not prohibited)
Do you get any entry in the syslog?
Are you unable to use root password from the console?

What unix version are you running.

Re: root password issue

Tommy Brown — Fri, 03 Aug 2007 08:54:08 GMT

Hello Siva,
the @ symbol is a special symbol that is interpreted as: IGNORE anything prior.
Therefore, abc@root yields root as the password.
It is very handy when typing your login or password and make a mistake to type in @, then the correct login or password, since the backspace key adds characters.
Tommy

Re: root password issue

Patrick Wallek — Fri, 03 Aug 2007 08:58:19 GMT

Have a look at the WARNINGS section of the passwd(1) man page (man 1 passwd).

The relevant part is excerpted here:

WARNINGS
Avoid password characters which have special meaning to the tty driver, such as # (erase) and @ (kill). You may not be able to login with these characters.

Re: root password issue

siva0123 — Fri, 03 Aug 2007 09:02:11 GMT

Juan,

I'm using HPUX 11.11 and there is no entry in the syslog . I didnt try that from Console either .

Tommy,

Thats my learning for the day.. Yes i've tried that now and @ ignores the characters before .. Can escape from getting a new login prompt again if i type the wrong password.

But that hasnt answered all my questions.

If that is the case how come it allowed su from the user x alone to root

Thanks,
Siva

Re: root password issue

Tommy Brown — Fri, 03 Aug 2007 09:03:12 GMT

I started to add, that in AIX, a backspace does work to allow correcting an error in the password. I have not tried an @ in the password under AIX. The @ symbol restriction may be an HPUX implementation. I believe it originated in the old Teletype-Console days, when there was no backspace. An @ told the system to ignore any thing prior.
Tommy

Re: root password issue

Matti_Kurkela — Fri, 03 Aug 2007 09:10:05 GMT

Does the user x have a customized .profile or any other login script?

Run "stty -a" as user x and as some other (non-root) user. Compare the results. Pay attention to the "kill = " setting.

If the stty settings are not properly set up, the system will use kernel-level defaults... which are designed for some very old terminals. The "@" character is the kernel-level default "kill" (=delete-line) character.

This is known to happen with some ssh.com commercial SSH product versions: the old versions 3.2.* certainly had this bug.

MK

Re: root password issue

Pete Randall — Fri, 03 Aug 2007 09:14:11 GMT

See the Warnings section of "man passwd":

Avoid password characters which have special meaning to the tty driver, such as # (erase) and @ (kill). You may not be able to login with these characters.

The "@" in the password is your problem.

Pete

Re: root password issue

Bill Hassell — Fri, 03 Aug 2007 21:57:02 GMT

This is a classic problem with HP-UX. The default settings for the terminal driver is @=delete-line and #=backspace. You have probably noticed that the backspace doesn't seem to work at login. Every HP-UX system since the 1980's has used these default. The reason is historic as these characters were used with hardcopy terminals. Today, they get in the way and your /etc/profile (unless modified) has two stty statements that set the 'normal' characters for delete-line and backspace. However, /etc/profile does not run until after you login so it does not affect the login and passwd programs.

If you are running 10.20 or any version of 11.xx you can fix this using the new ttyconf device file. Do this once while you are running:

stty erase "^H" kill "^U" < /dev/ttyconf

and now backspace will work for login, and @ can be used in a password. To make this permanent, include this line in one of your customized startup scripts.

Re: root password issue

Dennis Handly — Sat, 04 Aug 2007 01:22:34 GMT

As mentioned, @ is the default line kill char.
If you really really want it, you can escape it with "\".

Or do what Bill mentions.
Here is the last thread on this issue, with a picture of a TTY:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1136252

Re: root password issue

Victor Fridyev — Sat, 04 Aug 2007 13:34:46 GMT

Hi,

First of all, it's not a good idea to use special characters in UNIX passwords. An explanation why you can login as root from that "magic" user, may be that in his environment default stty settings are changed. In any case when you log in from pure login or telnet prompt, you will not be able to login, if don't use \ before each special character.

HTH