
Re: Can't log in on a trusted system

 
SOLVED
Yvonne Butler
Regular Advisor

Can't log in on a trusted system

I have a recently trusted system that's locked out my user accounts (except one with hardly any permissions/access whatsoever). I've booted into single-user mode but can't run passwd -f root. Basically the password has expired and the account was disabled in multi-user mode. Even going to the console wouldn't allow me to log in as root to change the password. How can I change the root password therefore in single-user mode when "passwd -f root" doesn't work?
14 REPLIES
Sridhar Bhaskarla
Honored Contributor
Solution

Re: Can't log in on a trusted system

Hi,

You would need to unlock the root's account.

#mount /usr
#/usr/lbin/modprpw -k root

Your /sbin/passwd -f should work.

If not, then edit /tcb/files/auth/r/root and nullify the strings next to u_pwd=. Then try changing the password.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Steve Steel
Honored Contributor

Re: Can't log in on a trusted system

Hi

Try

/usr/lbin/modprpw -k root


Steve Steel
If you want truly to understand something, try to change it. (Kurt Lewin)
David_246
Trusted Contributor

Re: Can't log in on a trusted system

Hi Yvonne,

You can boot off the CD and mount the root-FS of the disk.
Then empty the root-pw or paste your known pwd in the /tcb/files/auth/r/root file.

When rebooting you will be able to login again.

Regs David
@yourservice
RAC_1
Honored Contributor

Re: Can't log in on a trusted system

Go to single user mode, unlock root and change the password. Then you can unlock all accounts.

When you convert to trusted mode all accounts will be expired. You can avoid that using the following command.
/usr/lbin/modprpw -V

You can unlock all accounts with the following command.

/usr/lbin/modprpw -k "account_name"
There is no substitute to HARDWORK
Sridhar Bhaskarla
Honored Contributor

Re: Can't log in on a trusted system

Hi,

I don't know if I correctly understood your message. Did you mean you were not able to get into single user mode?

This happens when "Require Login upon Boot to Single User mode" was enabled while converting the system to trusted.

In this case either you have to boot the system through CD and manipulate the tcb files or move the disk to another system, import it and mount the root filesystem (not recommended).

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Jeff Schussele
Honored Contributor

Re: Can't log in on a trusted system

Hi Yvonne,

Sri has the proper answer.
When you boot single-user, nothing's mounted except / & /stand - so you either have to run /sbin/passwd or mount /usr.
And if the account is disabled then
/usr/lbin/modprpw -k root
will reenable it - but again, you'd have to mount /usr.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Steven E. Protter
Exalted Contributor

Re: Can't log in on a trusted system

It's possible that the great solutions above will not work.

In that case you need to null out the passwords, at least for root.

Here is how:

In single user mode

cd /tcb/files/auth/r

vi root

There is a line named u_pwd

remove everything between the equal sign and : (colon)

Save the file.

Root now has no password.

Boot the box and set a password.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
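
After a recovery like the one described above, no account should be left with a blank u_pwd once the system is back in multi-user mode. The check below is an added example, not part of the thread or of any HP tooling; it assumes the colon-separated `u_pwd=<value>:` layout the posts describe, and the function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: list accounts in a tcb-style auth tree whose u_pwd field is empty.
# Assumed layout: <auth_dir>/<first letter>/<user>, colon-separated fields,
# with long entries continued by a trailing backslash.

find_empty_u_pwd() {
    auth_dir=$1
    find "$auth_dir" -type f | sort | while read -r f; do
        awk -v user="$(basename "$f")" '
            { sub(/\\$/, ""); entry = entry $0 }   # join continued lines
            END {
                n = split(entry, fld, ":")
                for (i = 1; i <= n; i++) {
                    gsub(/^[ \t]+|[ \t]+$/, "", fld[i])   # trim indentation
                    if (fld[i] == "u_pwd=") { print user; exit }
                }
            }' "$f"
    done
}

# Constructed sample tree for trying the check offline (not real account data).
# Uses the Linux/BSD form of mktemp; only this helper depends on it.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/r" "$d/o"
    printf '%s\n' 'root:u_name=root:u_id#0:\' \
                  '    :u_pwd=:\' \
                  '    :u_lock@:chkent:' > "$d/r/root"
    printf '%s\n' 'oper:u_name=oper:u_id#101:\' \
                  '    :u_pwd=CONSTRUCTEDHASH:\' \
                  '    :u_lock@:chkent:' > "$d/o/oper"
    echo "$d"
}

tree=$(make_sample_tree)
find_empty_u_pwd "$tree"
rm -rf "$tree"
```

On the system itself the argument would be /tcb/files/auth; any name it prints still needs a password set.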
Vijaya Kumar_3
Respected Contributor

Re: Can't log in on a trusted system

In a trusted system, it is nice to install and configure the sudo package.

Add some other admin users as sudoers to have root privileges access to modprpw command. So, when an account gets disabled including root, you can use these sudo accounts to enable them.
Known is a drop, unknown is ocean - visit me at http://vijay.theunixplace.com
Yvonne Butler
Regular Advisor

Re: Can't log in on a trusted system

The single user methods aren't working. When mounting /usr it's showing nothing in the directory (could be a corruption on the disk). I'm about to try booting from the CD therefore.
Sridhar Bhaskarla
Honored Contributor

Re: Can't log in on a trusted system

Hi,

No point booting from the CD if you think that the filesystem is corrupted. I wonder if /usr is really getting mounted. Try this while you are in single user mode.

#grep usr /etc/fstab
Note the corresponding device file say /dev/vg00/lvol5
#mount /dev/vg00/lvol5 /usr

If it says corrupted, then you would need to do fsck. If fsck didn't fix it, then it is really corrupted.

As I said before and mentioned by others, you can manually remove the root's password by editing /tcb/files/auth/r/root file.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Yvonne Butler
Regular Advisor

Re: Can't log in on a trusted system

Ahhhh, an fsck on /dev/vg00/lvol8 fixed the problem with /usr. I then could run "/usr/lbin/modprpw -k root", and "passwd -f root" but I still can't log in as root in multi-user mode. Whatever password I put in is wrong. I'm now booting into single-user mode again. Any ideas anyone?
Yvonne Butler
Regular Advisor

Re: Can't log in on a trusted system

By the way, I tried to edit the /tcb file but vi isn't available so I can't edit it.
Yvonne Butler
Regular Advisor

Re: Can't log in on a trusted system

It's fixed now, thanks everyone. Initially I couldn't vi the /tcb file because the /var directory wasn't mounted; once that was mounted I could vi the file but the terminal type wasn't set. Once that was set I edited the /tcb file and blanked out the password for root. Booted into multi-user mode and it's let me log in as root and I've now set a password. Thanks very much everyone.
RAC_1
Honored Contributor

Re: Can't log in on a trusted system

Is your password more than 8 chars? If yes, try logging in with the first 8 chars of the password only.

Also, are you using any special chars in the password, especially ones such as @? Then exclude that, create a new password and try.
There is no substitute to HARDWORK