HPE Community
Operating System - HP-UX
1752433 Members
5998 Online
108788 Solutions
New Discussion юеВ

Re: Problem with modprpw -V

 
SOLVED
Go to solution
dictum9
Super Advisor

тАО07-30-2009 08:08 AM

тАО07-30-2009 08:08 AM

Problem with modprpw -V


I converted the 11.23 box trusted host:

tsconvert

/usr/lbin/modprpw -V

Now these problems:

I cannot ssh as root to the box
Cannot change the root password - when it prompts for the old password, it doesn't recognize it.
Also I cannot su to root.
I cannot login as root even over the console connection.

I can still sudo to root but that's about all.

Is that normal behavior?

0 Kudos
Reply
10 REPLIES 10
Patrick Wallek
Honored Contributor

тАО07-30-2009 08:15 AM

тАО07-30-2009 08:15 AM

Solution

Re: Problem with modprpw -V

How long is the root password? Is it more than 8 characters? If so, try entering just the first 8 characters.

If I remember correctly, passwords get truncated to 8 characters during the conversion.
Reply
dictum9
Super Advisor

тАО07-30-2009 09:48 AM

тАО07-30-2009 09:48 AM

Re: Problem with modprpw -V


That was exactly the problem, root password got truncated to 8 chars.

What option can I use to allow passwords greater than 8 chars?
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

тАО07-30-2009 09:57 AM

тАО07-30-2009 09:57 AM

Re: Problem with modprpw -V

Hi:

> What option can I use to allow passwords greater than 8 chars?

Set MIN_PASSWORD_LENGTH in '/etc/default/security'.

For the details, see:

http://docs.hp.com/en/B3921-60631/security.4.html

Regards!

...JRF...
Reply
dictum9
Super Advisor

тАО07-30-2009 10:05 AM

тАО07-30-2009 10:05 AM

Re: Problem with modprpw -V



I don't get it. My root passwd is greater than 8 chars, so that it should fulfill that requirement.

Now it doesn't seem to apply to root account anyway, per following?

MIN_PASSWORD_LENGTH
This attribute controls the minimum length of new passwords. It applies to trusted systems and to non-root users on standards systems.
***** This attribute applies only to non-root local users.
If the TrustedMigration product is installed, the system-wide default defined here may be overridden by defining per-user values in /var/adm/userdb (described in userdb(4)).
0 Kudos
Reply
Mel Burslan
Honored Contributor

тАО07-30-2009 10:08 AM

тАО07-30-2009 10:08 AM

Re: Problem with modprpw -V

At the conversion time, root's password gets truncated to its first 8 characters. AFter the conversion, you can make it however long you want within reason. MIN_PASSWD_LENGTH like many other system restrictions do not apply to root user as far as I know, but longer, you definitely can do.
________________________________
UNIX because I majored in cryptology...
Reply
dictum9
Super Advisor

тАО07-30-2009 10:22 AM

тАО07-30-2009 10:22 AM

Re: Problem with modprpw -V

OK, I follow this. This means I have go go and manually change root password on all the machines to the correct non-truncated password.
0 Kudos
Reply
Mel Burslan
Honored Contributor

тАО07-30-2009 10:34 AM

тАО07-30-2009 10:34 AM

Re: Problem with modprpw -V

Unfortunately, this is a shortcoming of trusted system conversion. Nothing you and I can do.


________________________________
UNIX because I majored in cryptology...
0 Kudos
Reply
Vishu
Trusted Contributor

тАО07-30-2009 11:42 AM

тАО07-30-2009 11:42 AM

Re: Problem with modprpw -V

Hi etc

***Cannot change the root password - when it prompts for the old password, it doesn't recognize it.*****

try this at single user mode, just edit the file /tcb/files/auth/r/root and change

u_pwd=d28YO95ejx0gw:\ (whatever in your system)

to

u_pwd=:\

it will nullify your password, then you will be able to login as root and change your password. i faced this problem and i tried this way and sorted it out.
0 Kudos
Reply
OldSchool
Honored Contributor

тАО07-31-2009 06:33 AM

тАО07-31-2009 06:33 AM

Re: Problem with modprpw -V

you should be able to use the "first 8 characters" of the existing password to get in. after that you can change the password to whatever, but according to "man password" notes, hp recommends less than 40 characters.

you should also be aware that your users may face the same issue. that will depend on how long their passwords were.

As I recall, this issue is documented somewhere in the conversion procedures, or at least a warning about such issues is there.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.