
Root locked out with enhanced C2 security

Nancy J. Wick
Occasional Contributor

Root locked out with enhanced C2 security

I've set up and enabled the enhanced C2 security on my Tru64 cluster. We've found ourselves now locked out of root (the account is disabled). With the CDE window up at the system console - I do not know how to get the true console screen to be primary (come in front) in order to get a prompt to login as root at the console. Before I start "crashing" a system, I want to find out what's the recommended approach to fix this.
6 REPLIES
Ivan Ferreira
Honored Contributor

Re: Root locked out with enhanced C2 security

At the login screen, select Options, Sessions, Command Line Session.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Nancy J. Wick
Occasional Contributor

Re: Root locked out with enhanced C2 security

Tried that - didn't work - brought me back to the window login and it's all grayed out.
Ivan Ferreira
Honored Contributor

Re: Root locked out with enhanced C2 security

Did you receive the login prompt? You should press some ENTER after the GUI screen disappears.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Nancy J. Wick
Occasional Contributor

Re: Root locked out with enhanced C2 security

I did receive a login prompt. I entered the root username and password. I got a message back that root was disabled but logins were ok via the console. I expected then to get a prompt (so maybe it's actually logged in) but then the X-Window login screen came back up. So my guess is that it popped back in front of the console screen... since it's grayed out (can't get any attention from it) I can't get rid of the login window to get back to the console screen itself. Years ago on VMS there used to be a way to, with a control sequence, pop the console window "in front of" the X-window display. Don't know if this is or ever was a feature on the UNIX side. Otherwise, I may need to crash one of the cluster members and come up single user mode. Not sure then how to reset the root password with the C2 security if that's all I'm left with as an option. Any ideas?
Rob Leadbeater
Honored Contributor

Re: Root locked out with enhanced C2 security

Hi,

I'm fairly certain that you will have to drop one node to single user. I don't think there's any way around this if the root account is locked out.

I think the following procedure will work, although it's a while since I've had to do it...

Halt one node (hopefully everything carries on running on the other node)
>>> b -fl s
# mountroot
# mount /usr
# mount /var
# TERM=xterm;export TERM
# EDITOR=vi;export EDITOR (or pick an alternate editor if you don't do vi)
# edauth root

Remove the u_lock entry from the edauth record - I think and save.
# passwd root


Hope this helps,

Regards,

Rob
Ann Majeske
Honored Contributor

Re: Root locked out with enhanced C2 security

There are several reasons that the root account might be locked out. Most of them will be resolved by changing the password with the passwd command (after you've rebooted to single user mode). You should NOT remove the u_lock field, but if it's there change it to u_lock@ to unlock that particular lock. After changing the password I'd try logging in (using /bin/login) while I'm still in single user mode to make sure that whatever locks were there have been resolved.

Ann