HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
cancel
Showing results for 
Search instead for 
Did you mean: 

Problem with modprpw -V

 
SOLVED
Go to solution
dictum9
Super Advisor

Problem with modprpw -V


I converted the 11.23 box trusted host:

tsconvert

/usr/lbin/modprpw -V

Now these problems:

I cannot ssh as root to the box
Cannot change the root password - when it prompts for the old password, it doesn't recognize it.
Also I cannot su to root.
I cannot login as root even over the console connection.

I can still sudo to root but that's about all.

Is that normal behavior?

10 REPLIES
Patrick Wallek
Honored Contributor
Solution

Re: Problem with modprpw -V

How long is the root password? Is it more than 8 characters? If so, try entering just the first 8 characters.

If I remember correctly, passwords get truncated to 8 characters during the conversion.
dictum9
Super Advisor

Re: Problem with modprpw -V


That was exactly the problem, root password got truncated to 8 chars.

What option can I use to allow passwords greater than 8 chars?
James R. Ferguson
Acclaimed Contributor

Re: Problem with modprpw -V

Hi:

> What option can I use to allow passwords greater than 8 chars?

Set MIN_PASSWORD_LENGTH in '/etc/default/security'.

For the details, see:

http://docs.hp.com/en/B3921-60631/security.4.html

Regards!

...JRF...
dictum9
Super Advisor

Re: Problem with modprpw -V



I don't get it. My root passwd is greater than 8 chars, so that it should fulfill that requirement.

Now it doesn't seem to apply to root account anyway, per following?

MIN_PASSWORD_LENGTH
This attribute controls the minimum length of new passwords. It applies to trusted systems and to non-root users on standards systems.
***** This attribute applies only to non-root local users.
If the TrustedMigration product is installed, the system-wide default defined here may be overridden by defining per-user values in /var/adm/userdb (described in userdb(4)).
Mel Burslan
Honored Contributor

Re: Problem with modprpw -V

At the conversion time, root's password gets truncated to its first 8 characters. AFter the conversion, you can make it however long you want within reason. MIN_PASSWD_LENGTH like many other system restrictions do not apply to root user as far as I know, but longer, you definitely can do.
________________________________
UNIX because I majored in cryptology...
dictum9
Super Advisor

Re: Problem with modprpw -V

OK, I follow this. This means I have go go and manually change root password on all the machines to the correct non-truncated password.
Mel Burslan
Honored Contributor

Re: Problem with modprpw -V

Unfortunately, this is a shortcoming of trusted system conversion. Nothing you and I can do.


________________________________
UNIX because I majored in cryptology...
Vishu
Trusted Contributor

Re: Problem with modprpw -V

Hi etc

***Cannot change the root password - when it prompts for the old password, it doesn't recognize it.*****

try this at single user mode, just edit the file /tcb/files/auth/r/root and change

u_pwd=d28YO95ejx0gw:\ (whatever in your system)

to

u_pwd=:\

it will nullify your password, then you will be able to login as root and change your password. i faced this problem and i tried this way and sorted it out.
OldSchool
Honored Contributor

Re: Problem with modprpw -V

you should be able to use the "first 8 characters" of the existing password to get in. after that you can change the password to whatever, but according to "man password" notes, hp recommends less than 40 characters.

you should also be aware that your users may face the same issue. that will depend on how long their passwords were.

As I recall, this issue is documented somewhere in the conversion procedures, or at least a warning about such issues is there.
Bill Hassell
Honored Contributor

Re: Problem with modprpw -V

It's important to know that in a standard system (not Trusted), all passwords are 8 characters or less. If you type more characters, the extra characters are ignored. But after you convert to Trusted, only the first 8 characters are kept and when you type more characters, the Trusted code pays attention to the extra characters and your password will not match.

Since sudo works, you can run the passwd command to change root's password, then change any user passwords that were too long. You can either change the password to the full length or pick a temporary one for those users.


Bill Hassell, sysadmin