Re: change of root password in trusted mode

Frantisek Merka_1 · ‎05-23-2003

Hi,
I have converted HP-UX 11.11 in trusted system,
after that I try to change password for root.
Passwd ask for old password, I fill it correct, but passwd answer Sorry.

Thanks for advantages.
Regards
Frantisek.

Ken Hubnik_2 · ‎05-23-2003

try this

/usr/lbin/modprpw -k root

Robert-Jan Goossens · ‎05-23-2003

Hi,

# cd /tcb/files/auth/r/

and then delete the actual encrypted password from the root file.

Robert-Jan.

Stefan Farrelly · ‎05-23-2003

cd /tcb/files/auth/r and vi the root file and remove the old password, save it, and now you can set a new one.

Im from Palmerston North, New Zealand, but somehow ended up in London...

Rainer von Bongartz · ‎05-23-2003

try using /sbin/passwd instead of using /usr/bin/passwd

Regards
Rainer

He's a real UNIX Man, sitting in his UNIX LAN making all his UNIX plans for nobody ...

Tom Danzig · ‎05-23-2003

If the old root password is more than 8 characters long, type in only the first 8.

Frantisek Merka_1 · ‎05-23-2003

Thats the point,
Thanks for help.
Frantisek.

Jeff Schussele · ‎05-23-2003

Tom has nailed it - ONLY type in the first 8 chars - that's all that was transferred to /tcb....

Moral - ALWAYS keep TWO windows for root when converting. Then you have a window to reset root PW.

Rgds,
Jeff

PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!

Steven E. Protter · ‎05-23-2003

I had this earlier THIS week.

1) If it lets you log on the console, issue the passwd command there.

2) Follow this procedure to null out the root password and then issue the command.

HP: Do we have a bug here. My keystroke law shows NOBODY ran the passwd command on root.

Solution:
~~http://search.hp.com/redirect.html?url=http%3A//forums.itrc.hp.com/cm/QuestionAnswer/1,,0x751fb941255cd71190080090279cd0f9,00.html&qt=null+%2Bpassword+%2Btrusted+%2Bsystem+%2Broot&hit=1~~

[Moderator edit: The above link is no longer valid.]
SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Jeff Schussele · ‎05-23-2003

Hi SEP,

No I wouldn't call it a bug.
It's more of a senselessly rigid rule.
M$ would call it a "feature".
ONLY the first 8 chars are converted & xferred to /tcb...
BUT the login binary WILL eval ALL chars typed in the PW field & that will NOT match the actual PW field post-conversion. But the first 8 chars WILL.

Rgds,
Jeff

PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!

Holger Dietze · ‎05-24-2003

Hi Jeff,

if I understand that right, on a trusted system only 8 chars of the password are compared, no matter how long the password is? What if somebody wants (for security) a longer password? Or did I miss something?

Cheers, Holger.

Robert-Jan Goossens · ‎05-24-2003

Hi Holger,

No you have missed the fact that this question is about conferting to a trusted system, on a default NON trusted system only the first 8 characters are read by hpux (you can enter more) but if you convert to a trusted system then the passwords are 8 characters until changed.

Hope it helps,

Robert-Jan.

Bill Hassell · ‎05-24-2003

To help clarify the 8 character limit, a non-Trusted system will accept virtually any length password but stores only the first 8. You can login with the first 8 characters correct and nothing but random characters following the first 8, and it still works OK.

However, a Trusted System treats every character as valid. So if your password was p2345678, you could login on an untrusted system with p234567890 and it will work, but always fails on a Trusted system. The fix is to change the password to whatever is needed as far as length. This problem usually shows up just after converting from non-Trusted to Trusted. The 'old' password worked OK but it was longer than 8 chars and silently ignored before conversion to Trusted.

Bill Hassell, sysadmin

Steven E. Protter · ‎05-24-2003

For the record, my situation was different.

My system had been trusted for quite some time.

Nobody logged in as root, so there was no opportunity to change the password.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Gary Jackson · ‎09-17-2003

This is happening for all my users.

Whenever their passwords expire and they are prompted to re-enter their old password the following occurs.

If their old password is more that 8 chars and they enter the first 8 chars the system allows them to change passwords

If their old password is exactly 8 chars and they enter all 8 the system gives the error. However if they enter the first 7 chars it works.

How do we fix this entire problem?

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: change of root password in trusted mode

change of root password in trusted mode