Operating System - HP-UX

Cannot su or login as root, but can telnet.

 
SOLVED
Andy Rudeseal_1
Occasional Advisor

Cannot su or login as root, but can telnet.

Hey everyone, got a good one for ya's.

I know some of the following is bad practice, but why I cannot do it is puzzling.

Basically here is what I can do:

Telnet to the box and login as root.

Telnet to the box and login as a normal user.

Login to CDE as a normal user


Here is what I cannot do:

login as myself, su to root
it says "sorry"

login as myself, type login
it says "login incorrect"

Try to login to CDE as root
it says "long incorrect; please try again"

Weird huh? This is driving me nuts. This only started happening on a reboot of the box, which is an A-class running 11.0. It is a trusted system.

This wouldn't be that bad, except that I cannot su to root. As root, I can su to a normal user just fine.

Any ideas?

Thanks,
Andy
14 REPLIES
Helen French
Honored Contributor

Re: Cannot su or login as root, but can telnet.

Andy Rudeseal_1
Occasional Advisor

Re: Cannot su or login as root, but can telnet.

Oh, something I missed as well:

I cannot change root's password.

Tom Sepka
Advisor

Re: Cannot su or login as root, but can telnet.

Make sure you're not using special characters in the beginning of your root password.
Jeff Machols
Esteemed Contributor

Re: Cannot su or login as root, but can telnet.

Go through your password file and make sure you don't have any blank lines or lines that start with #. Also, all the entries in /etc/passwd should have * in the password field (second field). It sounds like you have a corrupt /etc/passwd.
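The checks described in the post above, as an added example that is not part of the original thread: an awk lint that flags blank lines, lines starting with #, wrong field counts, and any password field other than * (the value the post expects on this trusted system). The sample file and its accounts are constructed; `check_passwd` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: lint a passwd-format file for the problems named in the post.
# check_passwd is a hypothetical helper; on a real host pass /etc/passwd.
check_passwd() {   # usage: check_passwd FILE
    awk -F: '
        /^[ \t]*$/ { printf "line %d: blank line\n", NR; next }
        /^#/       { printf "line %d: comment line\n", NR; next }
        NF != 7    { printf "line %d: %d fields, expected 7\n", NR, NF; next }
        $2 != "*"  { printf "line %d: %s: password field is not *\n", NR, $1 }
    ' "$1"
}

# Constructed sample: two good entries, then one of each defect.
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:*:0:3::/:/sbin/sh
daemon:*:1:5::/:/sbin/sh

#andy:*:101:20::/home/andy:/usr/bin/sh
oper:Xy1abcdEFGhij:102:20::/home/oper:/usr/bin/sh
broken:*:103:20:/home/broken
EOF

check_passwd "$sample"
```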
Uday_S_Ankolekar
Honored Contributor
Solution

Re: Cannot su or login as root, but can telnet.


Try to convert system to non trusted and then try to change password.

tsconvert -r

or use sam
From the SAM menu, I selected Auditing and Security -->
Audited Events --> Actions --> Unconvert System.

-USA
Good Luck..
Craig Rants
Honored Contributor

Re: Cannot su or login as root, but can telnet.

pwck will check /etc/passwd to see if it is corrupt. Don't think that is the problem.

What is in /etc/securetty? That file affects the use of the root account.

Since your system is trusted, go into SAM -> Users, highlight root and modify security policies. Enable password aging, but set all 4 values to 0 (thereby implicitly disabling the aging). This will modify the /tcb/files/auth/r/root file and put in the proper fields if they do not exist or are corrupt. Then go back to the main user screen and see if root is deactivated. If so, activate it (I don't think you will find that it was deactivated).

Let us know,
C
"In theory, there is no difference between theory and practice. But, in practice, there is. " Jan L.A. van de Snepscheut
Deshpande Prashant
Honored Contributor

Re: Cannot su or login as root, but can telnet.

Hi,
Can you log in as root on the console and change the password?

Thanks.
Prashant.
Take it as it comes.
Andy Rudeseal_1
Occasional Advisor

Re: Cannot su or login as root, but can telnet.

Nothing odd with /etc/passwd
No special chars in root's passwd

Cannot change password from the console, but can login.
(This is a web console btw)

Tried your suggestion Craig, no go.

I also do not have a /etc/securetty file.

I have not tried going back to an untrusted system.
I will do this as kind of a last resort

My question is, why does telnet work and nothing else? Does the telnet daemon auth a user a different way?

Thanks,
Andy
Jeff Machols
Esteemed Contributor

Re: Cannot su or login as root, but can telnet.

Take a look at the file /etc/pam.conf and see if all the daemons are set up for the same auth.
Jeff Machols
Esteemed Contributor

Re: Cannot su or login as root, but can telnet.

The pam.conf should look something like this

# PAM configuration
#
# Authentication management
#
login auth required /usr/lib/security/libpam_unix.1
su auth required /usr/lib/security/libpam_unix.1
dtlogin auth required /usr/lib/security/libpam_unix.1
dtaction auth required /usr/lib/security/libpam_unix.1
ftp auth required /usr/lib/security/libpam_unix.1
OTHER auth required /usr/lib/security/libpam_unix.1
#
# Account management
#
login account required /usr/lib/security/libpam_unix.1
su account required /usr/lib/security/libpam_unix.1
dtlogin account required /usr/lib/security/libpam_unix.1
dtaction account required /usr/lib/security/libpam_unix.1
ftp account required /usr/lib/security/libpam_unix.1
#
OTHER account required /usr/lib/security/libpam_unix.1
#
# Session management
#
login session required /usr/lib/security/libpam_unix.1
dtlogin session required /usr/lib/security/libpam_unix.1
dtaction session required /usr/lib/security/libpam_unix.1
OTHER session required /usr/lib/security/libpam_unix.1
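One way to run the comparison suggested above, as an added example that is not part of the original thread: resolve the module stack each service actually gets for a module type, falling back to the OTHER entry when the service has none of its own, and report services that differ from a reference service. The sample file is constructed, `libpam_EXAMPLE.1` is a placeholder module name, and `pam_stack` / `pam_diff` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: compare effective pam.conf stacks across services.
# Print the "control module" entries pam.conf gives SERVICE for TYPE,
# joined by commas, using the OTHER entries if SERVICE has none.
pam_stack() {   # usage: pam_stack FILE SERVICE TYPE
    awk -v svc="$2" -v typ="$3" '
        /^[ \t]*#/ { next }                    # comment
        /^[ \t]*$/ { next }                    # blank
        $2 == typ && ($1 == svc || $1 == "OTHER") {
            entry = $3 " " $4
            stack[$1] = (stack[$1] == "" ? entry : stack[$1] "," entry)
        }
        END {
            if (svc in stack)          print stack[svc]
            else if ("OTHER" in stack) print stack["OTHER"]
            else                       print "none"
        }' "$1"
}

# Report every SERVICE whose effective stack differs from REFERENCE's.
pam_diff() {    # usage: pam_diff FILE TYPE REFERENCE SERVICE...
    file=$1 typ=$2 ref=$3; shift 3
    want=$(pam_stack "$file" "$ref" "$typ")
    for s in "$@"; do
        got=$(pam_stack "$file" "$s" "$typ")
        [ "$got" = "$want" ] || echo "$s $typ: $got (expected $want, as for $ref)"
    done
}

# Constructed sample: su uses a different auth module; ftp and the
# account entries for su/dtlogin/ftp fall through to OTHER.
conf=$(mktemp)
cat > "$conf" <<'EOF'
# Authentication management
login   auth required /usr/lib/security/libpam_unix.1
su      auth required /usr/lib/security/libpam_EXAMPLE.1
dtlogin auth required /usr/lib/security/libpam_unix.1
OTHER   auth required /usr/lib/security/libpam_unix.1
# Account management
login   account required /usr/lib/security/libpam_unix.1
OTHER   account required /usr/lib/security/libpam_unix.1
EOF

pam_diff "$conf" auth    login su dtlogin ftp
pam_diff "$conf" account login su dtlogin ftp
```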
Andy Rudeseal_1
Occasional Advisor

Re: Cannot su or login as root, but can telnet.

My /etc/pam.conf file looks exactly like yours.

Good thing I have hair to pull out. :)

Thanks,
Andy
Michael Tully
Honored Contributor

Re: Cannot su or login as root, but can telnet.

Hi,

Sounds like there are two things happening
and not one. Your own account sounds like
it has been locked. You can use 'modprpw'
to unlock it.

# /usr/lbin/modprpw -k username

With the 'root' account you could try expiring
the passwd again using 'modprpw'

# /usr/lbin/modprpw -w root

Be careful when running this in the root
account.... Make sure you have at least one
other session if something goes wrong.

In the attached link are the man pages.

-Michael

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xebf46c96588ad4118fef0090279cd0f9,00.html
Anyone for a Mutiny ?
Andy Rudeseal_1
Occasional Advisor

Re: Cannot su or login as root, but can telnet.

Michael,

I tried both, now I cannot telnet in.

I do have a couple of telnet sessions in as root. I'll see if I can reactivate root.

I still cannot change the password and it did not tell me that the password has expired.

Thanks,
Andy

Andy Rudeseal_1
Occasional Advisor

Re: Cannot su or login as root, but can telnet.

Well guys, looks like the converting to a non-trusted system worked. I cannot telnet in as root now, which is a good thing :)

As soon as I unconverted and tried to login as root it asked me to change the password and I just used the same one.

I guess the trusted db file for root was corrupt or maybe had some goofy access parameters.

Thanks so much for all your help,
Andy