HPE Community
Operating System - HP-UX
1826230 Members
4574 Online
109692 Solutions
New Discussion

Re: Account disable

 
Riccardo BIgoni
Occasional Advisor

‎10-24-2004 08:23 PM

‎10-24-2004 08:23 PM

Account disable

Hi,
I have added a users in a system. If I try to remsh I obtain:
#remsh myhost -l riccardo "uptime"
remshd: Account is disabled.
# remsh myhost -l riccardo
Password:
My cripted password is =rbTDEtXgXwZ6 (riccardo). When change my password and the first character isn't = (equal)
my remsh running correctly !!
Someone know this bug ???
You know if it is documented ?
Thanks
Riccardo Bigoni
0 Kudos
Reply
6 REPLIES 6
Steve Steel
Honored Contributor

‎10-24-2004 08:30 PM

‎10-24-2004 08:30 PM

Re: Account disable

Hi

Do you have the latest patch

example

Patch Name: PHNE_23003

Patch Description: s700_800 11.00 r-commands cumulative patch



Steve Steel
If you want truly to understand something, try to change it. (Kurt Lewin)
0 Kudos
Reply
eran maor
Honored Contributor

‎10-24-2004 08:56 PM

‎10-24-2004 08:56 PM

Re: Account disable

Hi

This error condition can be reproduced by placing a * in the password
field of the /etc/passwd file. The * (or other non-valid) character
(see passwd(4)) indicates to the calling process that the account has
been administratively locked.

This error can also be seen when using an LDAP Server, via the PAM
module /usr/lib/security/libpam_ldap.1, to provide authentication
for r-cmds.

/etc/pam.conf contains:
rcomds auth required /usr/lib/security/libpam_unix.1
rcomds account required /usr/lib/security/libpam_unix.1
............

In this case, the problem is caused because the LDAP directory server,
by default, will use an asterisk - "*" - in the password field. Thus
remshd(1M) interprets the Account as being disabled.

love computers
0 Kudos
Reply
Riccardo BIgoni
Occasional Advisor

‎10-24-2004 09:42 PM

‎10-24-2004 09:42 PM

Re: Account disable

Thanks for answer.
In my system is installed the PHNE_2303. This problem exist in 11.00 and 11i system.
I don't use LDAP server for authentication.

Bye
Riccardo Bigoni
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎10-24-2004 09:47 PM

‎10-24-2004 09:47 PM

Re: Account disable

Hi,

Is this a trusted system?. If so, do you have password restrictions on?. Like 'getprdef -m exptm,lftm'?. How are you adding the users?.

I don't believe it has anything to do with 'remsh' command. How about trying 'telnet' to access the login after it's creation?

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Riccardo BIgoni
Occasional Advisor

‎10-24-2004 10:03 PM

‎10-24-2004 10:03 PM

Re: Account disable

Hi,
my system isn't Trusted, and haven't any restrictions pwd.
For add usig adduser, but if I a change password for old user whith vi /etc/passwd and this password BEGIN whith equal remsh don't running correctly.
If I using telnet enter in system whithout problem.
I believe that this is a problem of remsh.

Bye
Riccardo Bigoni
0 Kudos
Reply
Riccardo BIgoni
Occasional Advisor

‎10-24-2004 10:30 PM

‎10-24-2004 10:30 PM

Re: Account disable

I FOUND IT !!
In man 4 passwd:

The encrypted password consists of 13 characters chosen from a 64-character set of "digits" described below, Login can be prevented by
entering in the password field a character that is not part of the set of digits (such as *).

The characters used to represent "digits" are . for 0, / for 1, 0 through 9 for 2 through 11, A through Z for 12 through 37, and a through z for 38 through 63.

Probability remsh don't running if a password begin a non valid
character, telnet don't parsing the first character.

Thank for help

Bye
Riccardo Bigoni
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.