topic Re: Problem with modprpw -V in Operating System - HP-UX

Problem with modprpw -V

dictum9 — Thu, 30 Jul 2009 15:08:50 GMT

I converted the 11.23 box trusted host:

tsconvert

/usr/lbin/modprpw -V

Now these problems:

I cannot ssh as root to the box
Cannot change the root password - when it prompts for the old password, it doesn't recognize it.
Also I cannot su to root.
I cannot login as root even over the console connection.

I can still sudo to root but that's about all.

Is that normal behavior?

Re: Problem with modprpw -V

Patrick Wallek — Thu, 30 Jul 2009 15:15:09 GMT

How long is the root password? Is it more than 8 characters? If so, try entering just the first 8 characters.

If I remember correctly, passwords get truncated to 8 characters during the conversion.

Re: Problem with modprpw -V

dictum9 — Thu, 30 Jul 2009 16:48:38 GMT

That was exactly the problem, root password got truncated to 8 chars.

What option can I use to allow passwords greater than 8 chars?

Re: Problem with modprpw -V

James R. Ferguson — Thu, 30 Jul 2009 16:57:18 GMT

Hi:

> What option can I use to allow passwords greater than 8 chars?

Set MIN_PASSWORD_LENGTH in '/etc/default/security'.

For the details, see:

http://docs.hp.com/en/B3921-60631/security.4.html

Regards!

...JRF...

Re: Problem with modprpw -V

dictum9 — Thu, 30 Jul 2009 17:05:29 GMT

I don't get it. My root passwd is greater than 8 chars, so that it should fulfill that requirement.

Now it doesn't seem to apply to root account anyway, per following?

MIN_PASSWORD_LENGTH
This attribute controls the minimum length of new passwords. It applies to trusted systems and to non-root users on standards systems.
***** This attribute applies only to non-root local users.
If the TrustedMigration product is installed, the system-wide default defined here may be overridden by defining per-user values in /var/adm/userdb (described in userdb(4)).

Re: Problem with modprpw -V

Mel Burslan — Thu, 30 Jul 2009 17:08:25 GMT

At the conversion time, root's password gets truncated to its first 8 characters. AFter the conversion, you can make it however long you want within reason. MIN_PASSWD_LENGTH like many other system restrictions do not apply to root user as far as I know, but longer, you definitely can do.

Re: Problem with modprpw -V

dictum9 — Thu, 30 Jul 2009 17:22:45 GMT

OK, I follow this. This means I have go go and manually change root password on all the machines to the correct non-truncated password.

Re: Problem with modprpw -V

Mel Burslan — Thu, 30 Jul 2009 17:34:26 GMT

Unfortunately, this is a shortcoming of trusted system conversion. Nothing you and I can do.

Re: Problem with modprpw -V

Vishu — Thu, 30 Jul 2009 18:42:34 GMT

Hi etc

***Cannot change the root password - when it prompts for the old password, it doesn't recognize it.*****

try this at single user mode, just edit the file /tcb/files/auth/r/root and change

u_pwd=d28YO95ejx0gw:\ (whatever in your system)

to

u_pwd=:\

it will nullify your password, then you will be able to login as root and change your password. i faced this problem and i tried this way and sorted it out.

Re: Problem with modprpw -V

OldSchool — Fri, 31 Jul 2009 13:33:42 GMT

you should be able to use the "first 8 characters" of the existing password to get in. after that you can change the password to whatever, but according to "man password" notes, hp recommends less than 40 characters.

you should also be aware that your users may face the same issue. that will depend on how long their passwords were.

As I recall, this issue is documented somewhere in the conversion procedures, or at least a warning about such issues is there.

Re: Problem with modprpw -V

Bill Hassell — Sun, 02 Aug 2009 21:36:02 GMT

It's important to know that in a standard system (not Trusted), all passwords are 8 characters or less. If you type more characters, the extra characters are ignored. But after you convert to Trusted, only the first 8 characters are kept and when you type more characters, the Trusted code pays attention to the extra characters and your password will not match.

Since sudo works, you can run the passwd command to change root's password, then change any user passwords that were too long. You can either change the password to the full length or pick a temporary one for those users.