BladeSystem Forums have moved here
To make BladeSystem information easier to find, we have moved the BladeSystem forums here, to Servers and Operating Systems.
Security
Showing results for 
Search instead for 
Do you mean 

Root account is locked in trusted mode while cim_server is started

Occasional Visitor

Root account is locked in trusted mode while cim_server is started

  1. Run “/usr/lbin/tsconvert -c” to Change machine to trusted mode, and then run “/usr/lbin/modprpw -V”, no need to change root's password at next login after changing to trusted mode
  2. Wait about 5 mins, login as root via telnet, failed to login. It reports “Account is disable”, check the attribute of root user.

===============================

bash-4.2# /usr/lbin/getprpw root

uid=0, bootpw=YES, audid=0, audflg=1, mintm=-1, maxpwln=-1, exptm=-1, lftm=-1, spwchg=Fri Jan 17 14:24:01 2014, upwchg=-1, acctexp=-1, llog=-1, expwarn=-1, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Fri Jan 17 15:44:25 2014, ulogint=Fri Jan 17 15:00:07 2014, sloginy=-1, culogin=-1, uloginy=pts/tb, umaxlntr=-1, alock=NO, lockout=0001000

===============================

                   ----- >> the “lockout=0001000” which is unexpected

3. Check the syslogd.log file, it reports many message about “Authentication failed for user root.” about cimserver

===========================

bash-4.2# tail -f /var/adm/syslog/syslog.log

Jan 17 15:58:09 hp31ia2 cimserver[8400]: PGS17200: Authentication failed for user root.

Jan 17 15:58:11 hp31ia2 cimserver[8400]: PGS17200: Authentication failed for user root.

==========================

4. Stop “cimserver”, and then unlock root account

===========================

bash-4.2# /sbin/init.d/cim_server stop

PGS10019: CIM server is stopped.

bash-4.2# /usr/lbin/modprpw -k root

bash-4.2# /usr/lbin/getprpw root

uid=0, bootpw=YES, audid=0, audflg=1, mintm=-1, maxpwln=-1, exptm=-1, lftm=-1, spwchg=Fri Jan 17 14:24:01 2014, upwchg=-1, acctexp=-1, llog=-1, expwarn=-1, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Fri Jan 17 15:57:38 2014, ulogint=Fri Jan 17 15:58:40 2014, sloginy=pts/ta, culogin=-1, uloginy=pts/tc, umaxlntr=-1, alock=NO, lockout=0000000

============================

5. Wait about 30 mins, recheck attribut, the “lockout” is not changed, login as root via telnet or ssh, it works fine.

 

I'm confused why cim_server will lock root account, anyone can give me help, what's issue in my cim_server demon?