HPE Community
Operating System - HP-UX
1832513 Members
5012 Online
110043 Solutions
New Discussion

accounts expire after System Security Policies configured.

 
Jonathan Grymes
Frequent Advisor

‎09-22-2008 11:28 AM

‎09-22-2008 11:28 AM

accounts expire after System Security Policies configured.

HPUX 11i Ver 2 (Itanium)
After I put my system in trusted mode Im still able to login with my account and su to root. I then configure System Security Policies (via SAM) with password aging Enabled, and then go to the individual accounts (mine and root) and disable password aging. At this point Im now locked out. The system will not accept my password nor can I su to root.

If I untrust the system at this point the passwords work.
0 Kudos
Reply
4 REPLIES 4
Patrick Wallek
Honored Contributor

‎09-22-2008 11:40 AM

‎09-22-2008 11:40 AM

Re: accounts expire after System Security Policies configured.

Accounts are expired by default after converting to trusted.

After converting you need to do:

# /usr/lbin/modprpw -V

to refresh all accounts.
0 Kudos
Reply
Jonathan Grymes
Frequent Advisor

‎09-22-2008 11:50 AM

‎09-22-2008 11:50 AM

Re: accounts expire after System Security Policies configured.

Ok, how do set the root password. Im still unable to su. Same with the other accounts.
0 Kudos
Reply
Ganesan R
Honored Contributor

‎09-23-2008 02:15 AM

‎09-23-2008 02:15 AM

Re: accounts expire after System Security Policies configured.

Hi,

It is not preferred to set security policies for root account since some policies may deactivate the account.
For examample "unsuccessful login tries".

If root account locked follow the steps to reset it.

1. Boot the system in to single user mode.

2. Mount /usr file systems.
# mount /usr

Note: The file system might need file system check (fsck) before mounting.

3. Systems that are not using Trusted System security skip to step #4.
For Trusted Systems (presence of a /tcb directory), follow these additional
steps:

a) Use the following command to reactivate the 'root' account:
# /usr/lbin/modprpw -k root

b) Use the 'modprpw' command to null the password, so that the passwd command
does not prompt for the old password.

10.x
# /usr/lbin/modprpw -w "" root

11.x
# /usr/sam/lbin/usermod.sam -F -p "" root

NOTE: To untrust the system, use: tsconvert -r

4. Change the root account password.
# passwd root

5. Boot the system in to multi user mode.

Hope this helps.
Best wishes,

Ganesh.
0 Kudos
Reply
ManojK_1
Valued Contributor

‎09-23-2008 08:56 PM

‎09-23-2008 08:56 PM

Re: accounts expire after System Security Policies configured.

You can remove the root account lock out after making the system in trusted mode by the following command.

/usr/lbin/modprpw -m exptm=0,lftm=0,mintm=0,expwarn=0,llog=0 root


Do it always for root account.After making the system in trusted mode.
Thanks and Regards,
Manoj K
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.