Enhanced Security passwd command problem

David Mongan
Occasional Visitor

I have a Tru64 4.0f system configured with Enhanced Security.
As a root user, I can change a user's password with the "passwd" command and the prpasswd map gets updated.
Non-root users are unable to change their passwords using the "passwd" command; prpasswd does not update.
The passwd command acts like it will work: it asks for the old password, then asks for the new password twice, and exits with no errors.
The suid bit on the passwd binary is set ok, so why isn't the prpasswd map updating?
4 REPLIES
Ralf Puchner
Honored Contributor

Re: Enhanced Security passwd command problem

Be sure you have installed the latest patch kit, and check if the password will be written to /etc/passwd instead of the C2 passwd files.
Help() { FirstReadManual(urgently); Go_to_it;; }
David Mongan
Occasional Visitor

Re: Enhanced Security passwd command problem

Thanks Ralf,

I currently have Patch Kit 7 installed and will download Patch Kit 8.

Could you elaborate on your other point?
Are you talking about the svc.conf file?
Keep in mind that it works for root but not for ordinary users.

Thanks,
David
Ralf Puchner
Honored Contributor

Re: Enhanced Security passwd command problem

No, check if the change of the passwords will be written to the correct C2 password files. Maybe the problem is that the password will be changed within /etc/passwd and not within the protected C2 databases, leading to that kind of problem.
Help() { FirstReadManual(urgently); Go_to_it;; }
Ann Majeske
Honored Contributor

Re: Enhanced Security passwd command problem

Are these Local or NIS users? If NIS, are you doing this on the NIS master or client?

Are you sure you don't have both a NIS and a local Enhanced Security profile for the user?
#/usr/tcb/bin/edauth -N -g
to get NIS profile
#/usr/tcb/bin/edauth -L -g
to get local profile. You should only have one, not both.

What are the values of u_oldcrypt and u_newcrypt in the user's profile and the system default file?
#/usr/tcb/bin/edauth -g
to get the user's profile
#/usr/tcb/bin/edauth -g -d d default
to get the contents of the default file. The values of u_oldcrypt and u_newcrypt specify how the password gets encrypted and where it is stored.

What are the contents of your /etc/sia/matrix.conf file? Your /etc/svc.conf file?

Are you running the audit subsystem? If so, there might be more information in the audit logs and/or you could change your audit mask to collect more information.

You could try turning on the sialog to get more information:
#touch /var/adm/sialog
then try changing the user's password both as the user and as root and see what information you get.

Ann