topic Re: Odd password issue in Operating System - HP-UX

Odd password issue

Scott Guy_2 — Fri, 02 Dec 2005 11:13:00 GMT

I have a user who calls about every two weeks saying her password needs to be reset. She tells me that she tries to log in and just gets an "Incorrect Login" response and can't log in.
I'll reset her password and she'll work fine for a couple of weeks and, boom, she's calling back.
I personally think she's forgetting her password, but I can't prove that.
Do any of you have pointers on something I can check technically to see if she is indeed having a freaky issue?? Many other users use the same profile as she does and there's no widespread problem.

I'm running HP-UX 11.0 on an HP N4000.

Re: Odd password issue

Derek Whigham_1 — Fri, 02 Dec 2005 11:16:17 GMT

I would just set up a cron to run a script to cat her entry from the /etc/passwd file and into another file , though you cannot see the password you can see the encrypted bit.

User2:r9vE7p8Sw49KA:2502:500:User

"r9vE7p8Sw49KA" this bit should stay the same.

Re: Odd password issue

Jeff_Traigle — Fri, 02 Dec 2005 11:26:18 GMT

Have you checked to see if the password actually needs to be reset? Maybe it's just being locked because she had too many failed attempts... either her fat-fingering it or someone being obnoxious by trying to login to her account or some scheduled job that runs that has her password hard coded (of course, that latter only makes sense if you keep setting it to the same thing it was before)... quite a few legitimate possibilities.

Re: Odd password issue

john kingsley — Fri, 02 Dec 2005 14:22:19 GMT

Jeff has a good point about the account being locked after a certain number of failded login attempts, but unless you are running in trusted moded, this feature is not supported.

Check to see if password aging is setup on her account. The easiest way to do this is run "passwd -s -a "

Re: Odd password issue

Bill Hassell — Fri, 02 Dec 2005 22:44:31 GMT

You can see exdactly what the user is doing with the lastb command. Do this:

lastb -R user_ID

You'll now see the date and time when the user failed to enter the password correctly. Now if this is a Trusted System, the user would see a lockout message. Note that is any of the users are using a PC, the most likely problem is the XXXXXX Caps Lock key. Rip off the key from the keyboard, then smash it, burn it, do whatever you can to destroy it. The Caps Lock key has no business on a keyboard. Any software that requires ALL UPPERCASE data needs to retire the programmer and get rewritten as soon as possible.

Re: Odd password issue

Sยภเl Kย๓คг — Sat, 03 Dec 2005 03:58:07 GMT

Hi,

If your system is in trusted mode, then only the account lockout and maximum no of passwords retrys will come in to picture.

If this a trusted system,

what is the 'Password Aging' policy set, Password Expiration Time (days) set and Unsuccessful Login Tries Allowed.

Check the user login details as suggested by Bill hassel.

You can probably turnoff the auditing on this perticular user for some time and check.

Regards,
Sunil

Re: Odd password issue

Scott Guy_2 — Mon, 05 Dec 2005 14:17:07 GMT

Thanks for all the replies. We are not running a trusted system, so the lockout isn't happening. There are a couple of suggestions I can take and use the next time this happens, which should be a little over a week or so if this continues on her normal trend.
If I find the "smoking gun", I'll be sure to let y'all know.
In the meantime, any more suggestions are welcome.