topic Re: root password question in Operating System - HP-UX

root password question

Jeff Nyberg — Wed, 18 Dec 2002 14:32:48 GMT

Hello-

Here's an odd situation. We changed the root password a couple days ago and it was working fine until we rebooted the machine this morning. After the reboot we could not log onto the console or from any terminal emulators using the new or old root password. I thought I was going to have to pull out the single user move. HOWEVER, I could log in using my normal user name and then su - out to root using the new password! What?! I have now changed the password to something totally different and can log in fine as root. I will also say that the password we chose a couple of days ago did contain an @ symbol which I read on the forums can cause an issue. Can anyone confirm that? Any guesses as to why I couldn't log in as root but could su - to root? Any guesses as to whether or not it will happen the next time I reboot? It isn't a major deal, but I certainly am curious!

Thank you all for your time,

Jeff

Re: root password question

John Dvorchak — Wed, 18 Dec 2002 14:39:36 GMT

The @ symbol is a leftover from the days when we used a real tty device. The @ symbol actually means delete to end of line so when you were logging on from the console ( a tty) as soon as you typed the @ sign the console ignored everything after that. So the moral here is don't ever use an @ symbol in the password or username.
Good luck
John

Re: root password question

George Abraham_1 — Wed, 18 Dec 2002 14:40:10 GMT

Hi Jeff

I tried in my systems with a password containing a @ symbol but it seems to work... you say you cannot login from console also as root?...

cheers
george

Re: root password question

John Poff — Wed, 18 Dec 2002 14:40:28 GMT

Hi,

Check to see if you have an /etc/securetty file on your system. If so, root can only login at the tty's listed in that file. Many people will use that file to limit root logins to just the console by putting the entry "console" in the /etc/securetty file. Maybe you have the file with no entries in it?

JP

Re: root password question

Ravi_8 — Wed, 18 Dec 2002 14:41:29 GMT

Hi,

Your theory shows that your system is trusted. check for passwd expiry days

Re: root password question

Patrick Wallek — Wed, 18 Dec 2002 14:43:22 GMT

I, too, have had the @ symbol cause me problems when used with a root password. I could not log into the console, but could su.

I would recommend AGAINST using ANY special characters in the root password, just in case! Keep it simple, use only a-z and 0-9.

Re: root password question

John Dvorchak — Wed, 18 Dec 2002 14:45:36 GMT

Ok I see that I was making an assumption that the @ symbol was one of the first 8 characters in the password. You can use the @ symbol in your password if either of these two conditions are met:
1. you never logon from the console
2. @ symbol is the 9th or greater character

Rather than try to remember the above rules, I find it easier to pick another character to use.

Good luck,
John

Re: root password question

Jeff Nyberg — Wed, 18 Dec 2002 14:49:58 GMT

Hey - thanks for all the quick replies!

Just to clarify in case someone else runs across this string - the new password worked fine from everywhere (console and terminal emulators) before the reboot. As soon as we rebooted we were only able to log in as root by logging in as a normal user and then su - 'ing into root. Just to be on the safe side the newest password does not contain an @ symbol nor will any future passwords! However the real test will be conducted upon the next reboot of the system.

Thanks again,

Jeff

Re: root password question

Rodney Hills — Wed, 18 Dec 2002 15:36:09 GMT

Everyone is correct that the "@" is the cancel line character (and "#" is the backspace).

I have added the following in a boot up script under /sbin/init.d that will turn ^H and ^U to be backspace and cancel (kill) line. This then allows "@" or "#" to be in the password.

stty erase '^H' kill '^U' intr '^C' susp '^Z'
This sets the default globally for all terminals. Even during the login process.

See man stty for more info.

HTH

-- Rod Hills

Re: root password question

Rodney Hills — Wed, 18 Dec 2002 15:42:30 GMT

As I see from your last description, that it did work prior to the reboot. This confirms that someone must have executed the "stty" command before, but did not include it as part of the boot up sequence.

The reboot resets the default cancel line and backspace characters to "@" and "#". Putting the "stty" command in the boot up sequence will make sure it gets reset on each reboot.

-- Rod Hills