https://community.hpe.com/t5/operating-system-hp-ux/accounts-expire-after-system-security-policies-configured/m-p/4273871#M334657 HPUX 11i Ver 2 (Itanium)<BR />After I put my system in trusted mode Im still able to login with my account and su to root. I then configure System Security Policies (via SAM) with password aging Enabled, and then go to the individual accounts (mine and root) and disable password aging. At this point Im now locked out. The system will not accept my password nor can I su to root. <BR /><BR />If I untrust the system at this point the passwords work.<BR /> Mon, 22 Sep 2008 18:28:09 GMT Jonathan Grymes 2008-09-22T18:28:09Z https://community.hpe.com/t5/operating-system-hp-ux/accounts-expire-after-system-security-policies-configured/m-p/4273871#M334657 HPUX 11i Ver 2 (Itanium)<BR />After I put my system in trusted mode Im still able to login with my account and su to root. I then configure System Security Policies (via SAM) with password aging Enabled, and then go to the individual accounts (mine and root) and disable password aging. At this point Im now locked out. The system will not accept my password nor can I su to root. <BR /><BR />If I untrust the system at this point the passwords work.<BR /> Mon, 22 Sep 2008 18:28:09 GMT https://community.hpe.com/t5/operating-system-hp-ux/accounts-expire-after-system-security-policies-configured/m-p/4273871#M334657 Jonathan Grymes 2008-09-22T18:28:09Z https://community.hpe.com/t5/operating-system-hp-ux/accounts-expire-after-system-security-policies-configured/m-p/4273872#M334658 Accounts are expired by default after converting to trusted. <BR /><BR />After converting you need to do:<BR /><BR /># /usr/lbin/modprpw -V<BR /><BR />to refresh all accounts. Mon, 22 Sep 2008 18:40:06 GMT https://community.hpe.com/t5/operating-system-hp-ux/accounts-expire-after-system-security-policies-configured/m-p/4273872#M334658 Patrick Wallek 2008-09-22T18:40:06Z https://community.hpe.com/t5/operating-system-hp-ux/accounts-expire-after-system-security-policies-configured/m-p/4273873#M334659 Ok, how do set the root password. Im still unable to su. Same with the other accounts. Mon, 22 Sep 2008 18:50:08 GMT https://community.hpe.com/t5/operating-system-hp-ux/accounts-expire-after-system-security-policies-configured/m-p/4273873#M334659 Jonathan Grymes 2008-09-22T18:50:08Z https://community.hpe.com/t5/operating-system-hp-ux/accounts-expire-after-system-security-policies-configured/m-p/4273874#M334660 Hi,<BR /><BR />It is not preferred to set security policies for root account since some policies may deactivate the account.<BR />For examample "unsuccessful login tries".<BR /><BR />If root account locked follow the steps to reset it.<BR /><BR />1. Boot the system in to single user mode.<BR /><BR />2. Mount /usr file systems.<BR /> # mount /usr<BR /><BR /> Note: The file system might need file system check (fsck) before mounting.<BR /><BR />3. Systems that are not using Trusted System security skip to step #4.<BR /> For Trusted Systems (presence of a /tcb directory), follow these additional<BR /> steps:<BR /><BR /> a) Use the following command to reactivate the 'root' account:<BR /> # /usr/lbin/modprpw -k root<BR /><BR /> b) Use the 'modprpw' command to null the password, so that the passwd command<BR /> does not prompt for the old password.<BR /><BR /> 10.x<BR /> # /usr/lbin/modprpw -w "" root<BR /><BR /> 11.x<BR /> # /usr/sam/lbin/usermod.sam -F -p "" root<BR /><BR /> NOTE: To untrust the system, use: tsconvert -r<BR /><BR />4. Change the root account password.<BR /> # passwd root<BR /><BR />5. Boot the system in to multi user mode.<BR /><BR />Hope this helps. Tue, 23 Sep 2008 09:15:07 GMT https://community.hpe.com/t5/operating-system-hp-ux/accounts-expire-after-system-security-policies-configured/m-p/4273874#M334660 Ganesan R 2008-09-23T09:15:07Z https://community.hpe.com/t5/operating-system-hp-ux/accounts-expire-after-system-security-policies-configured/m-p/4273875#M334661 You can remove the root account lock out after making the system in trusted mode by the following command.<BR /><BR />/usr/lbin/modprpw -m exptm=0,lftm=0,mintm=0,expwarn=0,llog=0 root<BR /><BR /><BR />Do it always for root account.After making the system in trusted mode. Wed, 24 Sep 2008 03:56:57 GMT https://community.hpe.com/t5/operating-system-hp-ux/accounts-expire-after-system-security-policies-configured/m-p/4273875#M334661 ManojK_1 2008-09-24T03:56:57Z