https://community.hpe.com/t5/operating-system-hp-ux/pam-authentication/m-p/2772350#M74997 Hi,<BR /><BR />My users use Envize X workstations and we have recently gone to CDE from VUE obtaining a boot from one of our servers.<BR /><BR />One users screen lock kicked in and he could not unlock it even though he was 'confident' that he was putting in the correct password !<BR /><BR />I was led to believe that the root p/w or a UID 0 p/w could unlock any users screen lock but this did not seem to be the case !?! - Can anyone confirm?<BR /><BR />After investigating syslog, I was indeed happy that the user was indeed putting in the correct password as there were the following entries :<BR /><BR />DTSESSION: pam_setcred: failure : 33<BR />DTSESSION: audit_log: cannot set effective uid before audwrite<BR />DTSESSION: pamauthenticate status: 13<BR /><BR />I tried to replicate the problem by entering the wrong password for my account and I got pam_authenticate status of 9 (which was correct when looking at the error codes for pam.<BR /><BR />13 however seems to indicate :-<BR />#define PAM_USER_UNKNOWN 13 /* No account present for user */<BR /><BR />This confuses me as the user has a valid account and we can telnet to the server as him with his password no problem.<BR /><BR />More worryingly, and I'm not sure if this relates to the pam_setcread error above, but I've found a reference that error 33 could mean :-<BR />#define PAM_PRPW_ERROR 33 /* Password database corruption<BR />no corresponding entry found */<BR /><BR />Any ideas ?<BR /><BR />Many thanks in advance<BR /><BR />Russell<BR /> Thu, 25 Jul 2002 07:55:56 GMT Russell Gould 2002-07-25T07:55:56Z https://community.hpe.com/t5/operating-system-hp-ux/pam-authentication/m-p/2772350#M74997 Hi,<BR /><BR />My users use Envize X workstations and we have recently gone to CDE from VUE obtaining a boot from one of our servers.<BR /><BR />One users screen lock kicked in and he could not unlock it even though he was 'confident' that he was putting in the correct password !<BR /><BR />I was led to believe that the root p/w or a UID 0 p/w could unlock any users screen lock but this did not seem to be the case !?! - Can anyone confirm?<BR /><BR />After investigating syslog, I was indeed happy that the user was indeed putting in the correct password as there were the following entries :<BR /><BR />DTSESSION: pam_setcred: failure : 33<BR />DTSESSION: audit_log: cannot set effective uid before audwrite<BR />DTSESSION: pamauthenticate status: 13<BR /><BR />I tried to replicate the problem by entering the wrong password for my account and I got pam_authenticate status of 9 (which was correct when looking at the error codes for pam.<BR /><BR />13 however seems to indicate :-<BR />#define PAM_USER_UNKNOWN 13 /* No account present for user */<BR /><BR />This confuses me as the user has a valid account and we can telnet to the server as him with his password no problem.<BR /><BR />More worryingly, and I'm not sure if this relates to the pam_setcread error above, but I've found a reference that error 33 could mean :-<BR />#define PAM_PRPW_ERROR 33 /* Password database corruption<BR />no corresponding entry found */<BR /><BR />Any ideas ?<BR /><BR />Many thanks in advance<BR /><BR />Russell<BR /> Thu, 25 Jul 2002 07:55:56 GMT https://community.hpe.com/t5/operating-system-hp-ux/pam-authentication/m-p/2772350#M74997 Russell Gould 2002-07-25T07:55:56Z https://community.hpe.com/t5/operating-system-hp-ux/pam-authentication/m-p/2772351#M74998 You are quite right roots passwd can overide a users passwd wrt CDE's screenlock.<BR /><BR />I've not come across this before but am wondering if this system is trusted ? involved with a DCE cell or whether nis maybe involed ?<BR /><BR />also would I be correct in saying this is 10.20 ? has the O/S been upgraded as well and what is your patch level like ? <BR /><BR />maybe worth a /usr/sbin/pwck Thu, 25 Jul 2002 08:16:37 GMT https://community.hpe.com/t5/operating-system-hp-ux/pam-authentication/m-p/2772351#M74998 Alex Glennie 2002-07-25T08:16:37Z