HPE Community
Operating System - HP-UX
1753916 Members
7688 Online
108810 Solutions
New Discussion юеВ

Reactivation of 'root' account

 
Andre Ford
Advisor

тАО07-16-2002 03:50 AM

тАО07-16-2002 03:50 AM

Reactivation of 'root' account

Hi all,

I have a question for you. We've had a situation here where the root account was deactivated due to the number of login attempts still at the default values. I've read through the various ways of correcting this and got a lot of excellent advice. I did manage to get the root account's password changed and can su to root but cannot login directly as root on the console. Here are the steps that I took to get to my current point:

- Interrupted reboot and brought the system up in single user mode
- mountall
- passwd root
- /usr/lbin/modprpw -k root (because the account was disabled)
- init 3

Everything comes up OK. I can su to root so I changed the default login attempts. Only problem is that I still cannot login directly at the console as root. I wasn't sure if my system was trusted or not but after further reading I did find out that my system is trusted. There is another command that applies to trusted systems that I did not use (/usr/lbin/tsconvert) because I'm not sure exactly what this will do. Do I need to untrust the system first, change password, reactivate the account then retrust the system to be able to login as root at the console? Anything else I can try to correct this? I have received excellent support in this forum in the past and I'm sure that trend will continue. Appreciate all inputs. Thanks in advance!

Andre
0 Kudos
Reply
12 REPLIES 12
Pete Randall
Outstanding Contributor

тАО07-16-2002 04:03 AM

тАО07-16-2002 04:03 AM

Re: Reactivation of 'root' account

Andre,

I searched the forums using a boolean search on +"root" +"console" and came up with some threads that may help:

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x1bc053921f1ad5118fef0090279cd0f9,00.html
http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x72b914a24fd1d4118fef0090279cd0f9,00.html

If they don't do it, try the search, there were lots of hits.

Good luck,
Pete

Pete
0 Kudos
Reply
Cheryl Griffin
Honored Contributor

тАО07-16-2002 04:14 AM

тАО07-16-2002 04:14 AM

Re: Reactivation of 'root' account

Andre,
Check for the directory /tcb. If it exists, your system is trusted.
# ll -d /tcb

Have you ever been able to log in as root from the console? Check for an /etc/securetty file and does it contain the word console?

In addition, what error does root login from console get, this may give us clues as to how it's configured or what the problem is.

tsconvert is the command used from command line to trust and untrust a system.

Best Wishes,
Cheryl

"Downtime is a Crime."
0 Kudos
Reply
Peter Kloetgen
Esteemed Contributor

тАО07-16-2002 04:22 AM

тАО07-16-2002 04:22 AM

Re: Reactivation of 'root' account

Hi Andre,

the tsconvert- command is not supported and is able to convert a system to a trusted system and to untrust a system. But the better way is to use SAM for this. The rest of your question should be answered by the previous postings. You don't have to untrust your system first...

Allways stay on the bright side of life!

Peter
I'm learning here as well as helping
0 Kudos
Reply
Andre Ford
Advisor

тАО07-16-2002 04:43 AM

тАО07-16-2002 04:43 AM

Re: Reactivation of 'root' account

Thanks for the prompt responses. That's good to know that I don't have to untrust the system first. I was worried about that. As for being able to login from the console in the past, yes we've been able to do that until just recently. I checked the /etc/securetty file and 'console' is the lone entry. I will also check the links that were provided. I'll let you know what I turn up. Thanks again for the prompt replys.

Andre
0 Kudos
Reply
Andre Ford
Advisor

тАО07-18-2002 05:12 AM

тАО07-18-2002 05:12 AM

Re: Reactivation of 'root' account

Hi all,

I followed some of the advice that you have given me and, so far, I'm still in the same situation. I tried logging in as root on the console to see if there are any error messages but it only comes back saying 'Login incorrect' and returns another login prompt. Due to other commitments, I have not had the chance to try the untrust/trust option but I'll give that a try today. I also checked the links provided and saw a few posts of other in the same situation (can't login as root from the console) but didn't come across any solutions that resolved this. I will continue to research but if there are any other ideas that I can try feel free to post them. Again, I'll let you what I come across.
Thanks...... Andre
0 Kudos
Reply
Peter Kloetgen
Esteemed Contributor

тАО07-18-2002 05:20 AM

тАО07-18-2002 05:20 AM

Re: Reactivation of 'root' account

Hi Andre,

please try the following procedure:

--> discontinue boot procedure when asked
--> interact with IPL? y
--> IPL> hpux -is

This will boot into real single user mode. You now have to remount the file systems.

--> vi /etc/passwd
--> remove the "*" in root accounts password field

This prevents the system to look into shadow files on trusted system. You should now be able to assign new password to root account/reenable the root account.

Allways stay on the bright side of life!

Peter
I'm learning here as well as helping
0 Kudos
Reply
Sanjay_6
Honored Contributor

тАО07-18-2002 05:21 AM

тАО07-18-2002 05:21 AM

Re: Reactivation of 'root' account

Hi Andre,

Try these two suggesttions,

http://support1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000024603778

http://support1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000039876139

The Doc id's are A4354873 & A5368947

Hope this helps.

Regds
0 Kudos
Reply
Donald Kok
Respected Contributor

тАО07-18-2002 05:23 AM

тАО07-18-2002 05:23 AM

Re: Reactivation of 'root' account

If it is possible to reboot the machine, you can start in single user mode. you can edit the /tcb/files/auth/r/root file. After that you can login again.
My systems are 100% Murphy Compliant. Guaranteed!!!
0 Kudos
Reply
Hai Nguyen_1
Honored Contributor

тАО07-18-2002 05:46 AM

тАО07-18-2002 05:46 AM

Re: Reactivation of 'root' account

Can you login as another user at the console?

Hai
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.