HPE Community
Operating System - HP-UX
1755385 Members
7122 Online
108832 Solutions
New Discussion юеВ

Accounts are lock/disabled after converting to TCB

 
Pando
Regular Advisor

тАО01-11-2008 04:36 AM

тАО01-11-2008 04:36 AM

Accounts are lock/disabled after converting to TCB

Dear Gurus,

I have my HP-UX 11.11 running under TCB, my account locked and so is the root. What i did was boot to single user mode, untrust the system and change the root password. I was able to gain access again. when i checked the /etc/passwd, the root account and my account had a special character after the account and not the usual * (asterisk). so i did convert it again to TCB by running tsconvert. I checked again the /etc/passwd and everything is back to normal again. I logged out of the system and tried to log in but it keeps asking for my password. I think my account is locked already. What should i do?
0 Kudos
Reply
5 REPLIES 5
Roberto Arias
Valued Contributor

тАО01-11-2008 06:39 AM

тАО01-11-2008 06:39 AM

Re: Accounts are lock/disabled after converting to TCB

Hi Pando:

Your password is expired, when you convert system at TCB you must unmark the 'expire password inmediatly' option.

Convert system from SAM is easiest way

regards
The man is your friend
0 Kudos
Reply
Matti_Kurkela
Honored Contributor

тАО01-11-2008 07:12 AM

тАО01-11-2008 07:12 AM

Re: Accounts are lock/disabled after converting to TCB

If you use tsconvert to switch to TCB mode, run

/usr/lbin/modprpw -V

right after the tsconvert to avoid the immediate expiration of all accounts.

You might also want to run something like

/usr/lbin/modprpw -m lftm=0,exptm=0,mintm=0,acctexp=-1 root

to make sure the root account will never expire.

MK
MK
0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО01-14-2008 03:43 AM

тАО01-14-2008 03:43 AM

Re: Accounts are lock/disabled after converting to TCB

If you used tsconvert and did not use SAM to convert to convert to Trusted mode, then this is normal -- all accounts including root will be marked as expired. If you use tsconvert, you must follow immediately with:

modprpw -V

The /etc/passwd file will always have * in the password field on a Trusted system as the encrypted password entry is moved to the /tcb database location.

Also note about password length. In a Trusted system, long passwords (more than 8 characters) are supported but in an unTrusted system, anything beyond 8 characters is ignored (silently). But on a Trusted system, those extra characters beyond 8 will be meaningful. So after converting to a Trusted system, all users must be told to type their current password up to 8 characters. Once logged in, users can then change their password to a longer string and it will become the new password.


Bill Hassell, sysadmin
0 Kudos
Reply
Roberto Arias
Valued Contributor

тАО11-03-2008 08:22 AM

тАО11-03-2008 08:22 AM

Re: Accounts are lock/disabled after converting to TCB

hello Pando:

you most to do login in console for unlock root.

The man is your friend
0 Kudos
Reply
Jaime Bolanos Rojas.
Honored Contributor

тАО11-03-2008 08:29 AM

тАО11-03-2008 08:29 AM

Re: Accounts are lock/disabled after converting to TCB

Roberto, this thread was open on Jan, and now you posted an answer several months later. Please lets try to avoid those type of things, there are plenty of threads from today or the weekend that you can answer.

Regards,

Jaime.
Work hard when the need comes out.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.