https://community.hpe.com/t5/operating-system-hp-ux/login/m-p/2854634#M94422 Hi, I think Ravi is right ;-)<BR /><BR />--- snip ---<BR />PROBLEM<BR />login(1) command immediately rejects any username. <BR />passwd(1) command does not prompt for a password. <BR /><BR />For example: <BR /><BR /><BR /> $ /usr/bin/login<BR /> login: root<BR /> Login incorrect<BR /> login: guest<BR /> Login incorrect<BR /> login: anyone<BR /> $<BR /><BR /> $ /usr/bin/passwd<BR /> $<BR /><BR />There is nothing else observed failing on this generic system (i.e. - not a trusted system, no CDE, and no networking involved). <BR />RESOLUTION<BR />1) Verify /etc/pam.conf and /usr/lib/security/* files have correct permissions. Sample permissions are: <BR />Note: The following files will not exist on all systems. <BR /><BR /><BR /> $ ls -l /etc/pam.conf<BR /> -r--r--r-- 1 root sys ... /etc/pam.conf<BR /><BR /> $ ls -l /usr/lib/security/*<BR /> -r-xr-xr-x 1 root bin ... /usr/lib/security/libpam_dce.1<BR /> -r-xr-xr-x 1 root sys ... /usr/lib/security/libpam_unix.1<BR /> -r-xr-xr-x 1 root sys ... /usr/lib/security/libpam_updbe.1<BR /><BR />If /etc/pam.conf is corrupt, a fresh copy is available at /usr/newconfig/etc/pam.conf. <BR />2) Test if /sbin/passwd also fails. For instance, as root: <BR /><BR /><BR /> # /usr/bin/passwd<BR /> # /sbin/passwd<BR /> Changing password for root<BR /> New password:<BR /> Re-enter new password:<BR /> #<BR /><BR />If /sbin/passwd works and /usr/bin/passwd fails, then there is likely a problem with a shared library. <BR />The major difference between /sbin versus /usr/bin executables is how they were compiled. The /sbin executables were compiled statically with archive libraries, so they need no additional files. The /usr/bin/ executables generally were compiled dynamically with shared libraries, so they do need additional files. chatr(1) is used to change or display the internal attributes of an executable. For example: <BR /><BR /><BR /> $ chatr /usr/bin/passwd<BR /> /usr/bin/passwd:<BR /> shared executable<BR /> shared library dynamic path search:<BR /> SHLIB_PATH disabled second<BR /> embedded path disabled first Not Defined<BR /> shared library list:<BR /> dynamic /usr/lib/libpam.1<BR /> dynamic /usr/lib/libsec.2<BR /> dynamic /usr/lib/libm.2<BR /> dynamic /usr/lib/libnsl.1<BR /> dynamic /usr/lib/librpcsvc.1<BR /> dynamic /usr/lib/libc.2<BR /> shared library binding:<BR /> deferred<BR /> global hash table disabled<BR /> plabel caching disabled<BR /> shared vtable support disabled<BR /> static branch prediction disabled<BR /> :<BR /><BR /> $ chatr /sbin/passwd<BR /> /sbin/passwd:<BR /> shared executable<BR /> static branch prediction disabled<BR /> :<BR /><BR />Note: This above example was from an 11.00 HP-UX system. On a 10.X system, `chatr /usr/bin/passwd` displayed a shared library list of: <BR /><BR /> shared library list:<BR /> dynamic /usr/lib/libsec.1<BR /> dynamic /usr/lib/libc.1<BR /><BR />To resolve this issue, get a list of the shared libraries that /usr/bin/login is using. For example: <BR /><BR /> $ chatr /usr/bin/login<BR /> /usr/bin/login:<BR /> :<BR /> shared library list:<BR /> dynamic /usr/lib/libpam.1<BR /> dynamic /usr/lib/libsec.2<BR /> dynamic /usr/lib/libnsl.1<BR /> dynamic /usr/lib/libc.2<BR /> :<BR /><BR />and verify these are not corrupt by comparing them against shared libraries from a known working system. <BR />If no other problems are observed on the system, it likely not a libc issue, as many commands use the libc library. Replacing one of these libraries with a valid library may resolve the problem. Old superseded libraries may be available in one of the subdirectories below the /var/adm/sw/save (or /var/adm/sw/patch for 10.X) directory. <BR /><BR />Corruption may have occurred due to swinstall(1) exiting prematurely during installation of patches, patches may have been installed without their corresponding dependent patches, or other possiblities. <BR /><BR />--- snap ---<BR /><BR />Regards,<BR />Armin Fri, 29 Nov 2002 11:44:03 GMT Armin Feller 2002-11-29T11:44:03Z https://community.hpe.com/t5/operating-system-hp-ux/login/m-p/2854631#M94419 Hi,<BR />when i telnet to my hp 11i system ..and give the log in as root..it says login incorrect..without asking for a password..it happens with every user..plus the same is happening at console also.any clues Fri, 29 Nov 2002 11:31:38 GMT https://community.hpe.com/t5/operating-system-hp-ux/login/m-p/2854631#M94419 manu_5 2002-11-29T11:31:38Z https://community.hpe.com/t5/operating-system-hp-ux/login/m-p/2854632#M94420 Hi,<BR /><BR />if rlogin works fine, then execute the following commands to resolve the problem:<BR /><BR /> 1. cd /etc<BR /><BR /> 2. rm securetty<BR /><BR />Medusa creates the securetty file. This file creates problems with ARPA services.<BR /><BR />Regards,<BR />Armin Fri, 29 Nov 2002 11:34:08 GMT https://community.hpe.com/t5/operating-system-hp-ux/login/m-p/2854632#M94420 Armin Feller 2002-11-29T11:34:08Z https://community.hpe.com/t5/operating-system-hp-ux/login/m-p/2854633#M94421 Hi,<BR /><BR />in /etc/pam.conf check whether any login line is commented, if it is then uncomment that line Fri, 29 Nov 2002 11:39:29 GMT https://community.hpe.com/t5/operating-system-hp-ux/login/m-p/2854633#M94421 Ravi_8 2002-11-29T11:39:29Z https://community.hpe.com/t5/operating-system-hp-ux/login/m-p/2854634#M94422 Hi, I think Ravi is right ;-)<BR /><BR />--- snip ---<BR />PROBLEM<BR />login(1) command immediately rejects any username. <BR />passwd(1) command does not prompt for a password. <BR /><BR />For example: <BR /><BR /><BR /> $ /usr/bin/login<BR /> login: root<BR /> Login incorrect<BR /> login: guest<BR /> Login incorrect<BR /> login: anyone<BR /> $<BR /><BR /> $ /usr/bin/passwd<BR /> $<BR /><BR />There is nothing else observed failing on this generic system (i.e. - not a trusted system, no CDE, and no networking involved). <BR />RESOLUTION<BR />1) Verify /etc/pam.conf and /usr/lib/security/* files have correct permissions. Sample permissions are: <BR />Note: The following files will not exist on all systems. <BR /><BR /><BR /> $ ls -l /etc/pam.conf<BR /> -r--r--r-- 1 root sys ... /etc/pam.conf<BR /><BR /> $ ls -l /usr/lib/security/*<BR /> -r-xr-xr-x 1 root bin ... /usr/lib/security/libpam_dce.1<BR /> -r-xr-xr-x 1 root sys ... /usr/lib/security/libpam_unix.1<BR /> -r-xr-xr-x 1 root sys ... /usr/lib/security/libpam_updbe.1<BR /><BR />If /etc/pam.conf is corrupt, a fresh copy is available at /usr/newconfig/etc/pam.conf. <BR />2) Test if /sbin/passwd also fails. For instance, as root: <BR /><BR /><BR /> # /usr/bin/passwd<BR /> # /sbin/passwd<BR /> Changing password for root<BR /> New password:<BR /> Re-enter new password:<BR /> #<BR /><BR />If /sbin/passwd works and /usr/bin/passwd fails, then there is likely a problem with a shared library. <BR />The major difference between /sbin versus /usr/bin executables is how they were compiled. The /sbin executables were compiled statically with archive libraries, so they need no additional files. The /usr/bin/ executables generally were compiled dynamically with shared libraries, so they do need additional files. chatr(1) is used to change or display the internal attributes of an executable. For example: <BR /><BR /><BR /> $ chatr /usr/bin/passwd<BR /> /usr/bin/passwd:<BR /> shared executable<BR /> shared library dynamic path search:<BR /> SHLIB_PATH disabled second<BR /> embedded path disabled first Not Defined<BR /> shared library list:<BR /> dynamic /usr/lib/libpam.1<BR /> dynamic /usr/lib/libsec.2<BR /> dynamic /usr/lib/libm.2<BR /> dynamic /usr/lib/libnsl.1<BR /> dynamic /usr/lib/librpcsvc.1<BR /> dynamic /usr/lib/libc.2<BR /> shared library binding:<BR /> deferred<BR /> global hash table disabled<BR /> plabel caching disabled<BR /> shared vtable support disabled<BR /> static branch prediction disabled<BR /> :<BR /><BR /> $ chatr /sbin/passwd<BR /> /sbin/passwd:<BR /> shared executable<BR /> static branch prediction disabled<BR /> :<BR /><BR />Note: This above example was from an 11.00 HP-UX system. On a 10.X system, `chatr /usr/bin/passwd` displayed a shared library list of: <BR /><BR /> shared library list:<BR /> dynamic /usr/lib/libsec.1<BR /> dynamic /usr/lib/libc.1<BR /><BR />To resolve this issue, get a list of the shared libraries that /usr/bin/login is using. For example: <BR /><BR /> $ chatr /usr/bin/login<BR /> /usr/bin/login:<BR /> :<BR /> shared library list:<BR /> dynamic /usr/lib/libpam.1<BR /> dynamic /usr/lib/libsec.2<BR /> dynamic /usr/lib/libnsl.1<BR /> dynamic /usr/lib/libc.2<BR /> :<BR /><BR />and verify these are not corrupt by comparing them against shared libraries from a known working system. <BR />If no other problems are observed on the system, it likely not a libc issue, as many commands use the libc library. Replacing one of these libraries with a valid library may resolve the problem. Old superseded libraries may be available in one of the subdirectories below the /var/adm/sw/save (or /var/adm/sw/patch for 10.X) directory. <BR /><BR />Corruption may have occurred due to swinstall(1) exiting prematurely during installation of patches, patches may have been installed without their corresponding dependent patches, or other possiblities. <BR /><BR />--- snap ---<BR /><BR />Regards,<BR />Armin Fri, 29 Nov 2002 11:44:03 GMT https://community.hpe.com/t5/operating-system-hp-ux/login/m-p/2854634#M94422 Armin Feller 2002-11-29T11:44:03Z https://community.hpe.com/t5/operating-system-hp-ux/login/m-p/2854635#M94423 i cannot do rlogin also. Fri, 29 Nov 2002 11:45:09 GMT https://community.hpe.com/t5/operating-system-hp-ux/login/m-p/2854635#M94423 manu_5 2002-11-29T11:45:09Z https://community.hpe.com/t5/operating-system-hp-ux/login/m-p/2854636#M94424 Hello<BR /><BR />If you can not get onto your system from any console, TOC the box, boot to single user mode and check your files starting with /etc/passwd.<BR />All chatr checks also good idea.<BR /><BR />Hope this helps,<BR />0leg Fri, 29 Nov 2002 18:26:51 GMT https://community.hpe.com/t5/operating-system-hp-ux/login/m-p/2854636#M94424 Oleg Zieaev_1 2002-11-29T18:26:51Z