Simpler Navigation for Servers and Operating Systems - Please Update Your Bookmarks
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
If you have bookmarked forums or discussion boards in Servers and Operating Systems, we suggest you check and update them as needed.
Security
cancel
Showing results for 
Search instead for 
Did you mean: 

Root account is locked in trusted mode while cim_server is started

Echo_Fany
Occasional Visitor

Root account is locked in trusted mode while cim_server is started

  1. Run “/usr/lbin/tsconvert -c” to Change machine to trusted mode, and then run “/usr/lbin/modprpw -V”, no need to change root's password at next login after changing to trusted mode
  2. Wait about 5 mins, login as root via telnet, failed to login. It reports “Account is disable”, check the attribute of root user.

===============================

bash-4.2# /usr/lbin/getprpw root

uid=0, bootpw=YES, audid=0, audflg=1, mintm=-1, maxpwln=-1, exptm=-1, lftm=-1, spwchg=Fri Jan 17 14:24:01 2014, upwchg=-1, acctexp=-1, llog=-1, expwarn=-1, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Fri Jan 17 15:44:25 2014, ulogint=Fri Jan 17 15:00:07 2014, sloginy=-1, culogin=-1, uloginy=pts/tb, umaxlntr=-1, alock=NO, lockout=0001000

===============================

                   ----- >> the “lockout=0001000” which is unexpected

3. Check the syslogd.log file, it reports many message about “Authentication failed for user root.” about cimserver

===========================

bash-4.2# tail -f /var/adm/syslog/syslog.log

Jan 17 15:58:09 hp31ia2 cimserver[8400]: PGS17200: Authentication failed for user root.

Jan 17 15:58:11 hp31ia2 cimserver[8400]: PGS17200: Authentication failed for user root.

==========================

4. Stop “cimserver”, and then unlock root account

===========================

bash-4.2# /sbin/init.d/cim_server stop

PGS10019: CIM server is stopped.

bash-4.2# /usr/lbin/modprpw -k root

bash-4.2# /usr/lbin/getprpw root

uid=0, bootpw=YES, audid=0, audflg=1, mintm=-1, maxpwln=-1, exptm=-1, lftm=-1, spwchg=Fri Jan 17 14:24:01 2014, upwchg=-1, acctexp=-1, llog=-1, expwarn=-1, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Fri Jan 17 15:57:38 2014, ulogint=Fri Jan 17 15:58:40 2014, sloginy=pts/ta, culogin=-1, uloginy=pts/tc, umaxlntr=-1, alock=NO, lockout=0000000

============================

5. Wait about 30 mins, recheck attribut, the “lockout” is not changed, login as root via telnet or ssh, it works fine.

 

I'm confused why cim_server will lock root account, anyone can give me help, what's issue in my cim_server demon?