System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Can't unlock user (Trusted Mode)

SOLVED
Go to solution
Highlighted
mpua
Frequent Advisor

Can't unlock user (Trusted Mode)

Hi,

 

I'm getting a really weird behaviour in one of our HPUX 11.23 boxes, with Trusted Mode enabled.

 

When I want to unlock a user which has been disabled, it seems the modprpw does nothing:

 

server1@root:>getprpw -l user1
uid=107, bootpw=NO, audid=17, audflg=1, mintm=0, maxpwln=-1, exptm=0, lftm=0, spwchg=Thu Jun 6 11:29:04 2013, upwchg=Thu Jun 6 11:28:52 2013, acctexp=-1, llog=-1, expwarn=0, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Fri Jul 5 10:43:33 2013, ulogint=Fri Jul 5 10:49:36 2013, sloginy=-1, culogin=3, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0001000

 

 

server1@root:>modprpw -k user1

 

server1@root:>getprpw -l user1

uid=107, bootpw=NO, audid=17, audflg=1, mintm=0, maxpwln=-1, exptm=0, lftm=0, spwchg=Thu Jun 6 11:29:04 2013, upwchg=Thu Jun 6 11:28:52 2013, acctexp=-1, llog=-1, expwarn=0, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Fri Jul 5 10:43:33 2013, ulogint=Fri Jul 5 10:49:36 2013, sloginy=-1, culogin=3, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0001000

 

 

What could cause this? Things get ever more weird when I make a su - into the user, since it gets enabled:

 

server1@root:>su - user1

 

server1@user1:>exit
logout

 

server1@root:>getprpw -l user1
uid=107, bootpw=NO, audid=17, audflg=1, mintm=0, maxpwln=-1, exptm=0, lftm=0, spwchg=Thu Jun 6 11:29:04 2013, upwchg=Thu Jun 6 11:28:52 2013, acctexp=-1, llog=-1, expwarn=0, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Fri Jul 5 11:01:36 2013, ulogint=Fri Jul 5 10:56:13 2013, sloginy=-1, culogin=-1, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0000000

 

 

Any hints?

3 REPLIES
Patrick Wallek
Honored Contributor
Solution

Re: Can't unlock user (Trusted Mode)

After you run the 'modprpw' command to reactivate a user, run the command 'echo $?' to see what the return status of the command was.  It should be '0' if it is completing normally.

 

I would also make sure that your 'modprpw' command is correct.

 

Here is info from one of the 11.23 systems I have access to:

 

# whence -v modprpw
modprpw is /usr/lbin/modprpw

# ll /usr/lbin/modprpw
-r-xr-xr-x   1 bin        bin          49152 Sep  3  2003 /usr/lbin/modprpw

# what /usr/lbin/modprpw
/usr/lbin/modprpw:
        $Revision: 92453-07 linker linker crt0.o B.11.16.01 030415 $
         $Revision: B11.23_LR
         Fri Aug 29 21:29:08 PDT 2003 $

 

Emil Velez_2
Trusted Contributor

Re: Can't unlock user (Trusted Mode)

you can editmthe file for that user in the /tcb directory and change the flag that makes it locked
Emil Velez
Instructor Storage, Servers, HP-UX and Partner Courses
Hewlett Packard Enterprise Education Services
Ask me about training on StoreServ (3PAR) StoreOnce, StoreEasy, StoreAll, StoreVirtual, HP-UX, ServiceGuard and HPE Partner Ready Certification Training

internet: Emil.Velez@hpe.com
Linkedin: http://www.linkedin.com/in/emilvelez

HPE Master ASE Server Solutions Architect V3
HPE Master ASE Storage Solutions Architect V2
HP UNIX Certified (ASE HPUX 11iv3 Administration V1)
Certified HPE Instructor
HPE Product Certified - OneView [2016]
HP Sales Certified -Servers, Converged Systems and Services [2015]
HPE Product Certified - Converged Solutions [2017]
mpua
Frequent Advisor

Re: Can't unlock user (Trusted Mode)

Thanks to both for your help.

 

Yeah, there was a problem with the binary /usr/lbin/modprpw indeed, it was zero bytes size and the what command on it didn't show any output, it may have got overwritten somehow.