1748165 Members
3721 Online
108758 Solutions
New Discussion юеВ

Re: Account Locked

 
Scott McDade
Frequent Advisor

Account Locked

Have you ever seen the root account of a HPUX 10.2 workstation get locked and display "Account Locked in the Commerical Security Database, contact administrator" and the root password does not work? If so what causes it and how can I regain access?
Keep it Simple!~
8 REPLIES 8
Jim Moffitt_1
Valued Contributor

Re: Account Locked

It's probably a trusted system. Reboot into single user mode. To do this interupt the boot process when it asks you to, then type bo and y to interact once you get to the ISL> type:
ISL>hpux -is
Now you have to convert the system back to a non-trusted system. The command is tsconvert and I believe on workstations it's in the /etc directory. Once you locate this command type:

tsconvert -r to revert to a non-trusted system. Edit /etc/passwd to remove root's encrypted password, run passwd to set a new one. Then run tsconvert to return to a trusted system.
Pedro Sousa
Honored Contributor

Re: Account Locked

If it is a trusted system, you cannot gain root access in single user mode without password!
Pedro Sousa
Honored Contributor

Re: Account Locked

Hi again!
Sorry Jim! You are correct.
But I suggest Scott to try the following:
when in single user mode
edit /tcb/files/auth/r/root file
find the line containing,
":u_pwd=xxxxxxxxxxxxxx:"
remove the entries between the "xxxxxxxxxxxxxx"

Try now to change the root password: passwd root
Start-up the system "reboot".

if this doesn't work, I found:
http://europe-support.external.hp.com/cki/bin/doc.pl/sid=070d1ee21932ca67f5/screen=ckiDisplayDocument?docId=200000024605169

good luck.
Jim Moffitt_1
Valued Contributor

Re: Account Locked

That is not true. You are not asked for a username or password when going into single user mode. When you boot into single user mode, you are brought right into a system prompt. One thing I forgot to mention is that when you get the prompt do a mount -a to mount your file systems.
Jim Moffitt_1
Valued Contributor

Re: Account Locked

Pedro, that's a real good suggestion. It beats having to revert back and forth between Trusted and non-trusted and back to trusted again.
boley janowski
Trusted Contributor

Re: Account Locked

scott,

befor you reboot, try this

select options and then select command line login.

at this point login as root with root passwd, it should let you login at that time exit and let the workstation go back to CDE login, now try to login again at the CDE.
Chris Calabrese
Valued Contributor

Re: Account Locked

Logging in on the workstation
command-line login will work,
but it won't clear the lock.
But that's not hard either.
Just login as root on the
command-line console and run

/usr/lbin/modprpw -k root

Of course, this command
is totally undocumented...
Brainbench MVP for Unix Administration and Internet Security, SANS Review Editor, and Center for Internet Security HP-UX Benchmark project leader
CHRIS ANORUO
Honored Contributor

Re: Account Locked

Hello Dear,

I go with Boley and Chris. You can go thro SAM to modify the password for root.


Cheers!
When We Seek To Discover The Best In Others, We Somehow Bring Out The Best In Ourselves.