HPE Community
Operating System - HP-UX
1834127 Members
2128 Online
110064 Solutions
New Discussion

Re: converting to trusted mode again

 
SOLVED
Go to solution
John Carr_2
Honored Contributor

‎12-19-2003 12:36 AM

‎12-19-2003 12:36 AM

converting to trusted mode again

I have server all patched up to latest releases for 10.20 o/s. Using SAM to attempt to change to trusted mode I received an error "cant write protected database; password file unchanged" any ideas ?

:-) john.

0 Kudos
Reply
13 REPLIES 13
Elmar P. Kolkman
Honored Contributor

‎12-19-2003 12:38 AM

‎12-19-2003 12:38 AM

Re: converting to trusted mode again

You have of course checked for full / filesystem or existing /tcb directory, haven't you?
Every problem has at least one solution. Only some solutions are harder to find.
0 Kudos
Reply
Pete Randall
Outstanding Contributor

‎12-19-2003 12:38 AM

‎12-19-2003 12:38 AM

Re: converting to trusted mode again

John,

Try it manually using tsconvert (no options, just tsconvert). If it doesn't work, maybe you'll get more info.


Pete

Pete
0 Kudos
Reply
Elmar P. Kolkman
Honored Contributor

‎12-19-2003 12:40 AM

‎12-19-2003 12:40 AM

Re: converting to trusted mode again

Also check /etc/passwd for entries not starting with an alpha character.
Every problem has at least one solution. Only some solutions are harder to find.
0 Kudos
Reply
Robert-Jan Goossens
Honored Contributor

‎12-19-2003 12:41 AM

‎12-19-2003 12:41 AM

Re: converting to trusted mode again

Hi John,

# pwcheck /etc/passwd

Regards,
Robert-Jan
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎12-19-2003 12:45 AM

‎12-19-2003 12:45 AM

Re: converting to trusted mode again

Hi John,

New hat's cool...

Check these:

1) full / FS
2) passwd file integrity - pwck
3) Perms on /tcb if it already exists

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
John Carr_2
Honored Contributor

‎12-19-2003 12:59 AM

‎12-19-2003 12:59 AM

Re: converting to trusted mode again

Hi

Elmar

plenty of disk space no problem there and no /tcb to check this is part of the creation process.

Robert

pwck shows 2 user accounts with comments at start of line and one account which it could not find home dir !

Jeff

your suggestions already covered thanks

Pete

I shall try the manual tsconvert
and this is what i got :

# ./tsconvert
Creating secure password database...
Directories created.
Making default files.
System default file created...
Terminal default file created...
Device assignment file created...
Moving passwords...
Can't write protected database;
password file unchanged.
# ls -la /tcb
/tcb not found

tsconvert has NOT created any tcb directory or if it did it deleted it too.

:-( John.
0 Kudos
Reply
Elmar P. Kolkman
Honored Contributor

‎12-19-2003 01:06 AM

‎12-19-2003 01:06 AM

Solution

Re: converting to trusted mode again

John,

comment (hash) signs are NOT allowed in /etc/passwd, so make a backup of /etc/passwd and then remove those users from the file and tsconvert should work.
Every problem has at least one solution. Only some solutions are harder to find.
Reply
John Carr_2
Honored Contributor

‎12-19-2003 01:12 AM

‎12-19-2003 01:12 AM

Re: converting to trusted mode again

Elmar

just about to post you the output of pwck I suspect you hit the nail on the head I need to get sign off to do this without these accounts they may be needed later will be back with answer asap.

John.
0 Kudos
Reply
Elmar P. Kolkman
Honored Contributor

‎12-19-2003 01:14 AM

‎12-19-2003 01:14 AM

Re: converting to trusted mode again

In that case, just lock the users by changing the crypted passwd to something like '*LK*'. That way the users are disabled, but still exist and you only have to change the passwd as root and they are usable again.
Every problem has at least one solution. Only some solutions are harder to find.
0 Kudos
Reply
Pete Randall
Outstanding Contributor

‎12-19-2003 01:15 AM

‎12-19-2003 01:15 AM

Re: converting to trusted mode again

John,

I suspect it's the comments then. Once you remove them, it should work.


Pete

Pete
Reply
Pete Randall
Outstanding Contributor

‎12-19-2003 01:15 AM

‎12-19-2003 01:15 AM

Re: converting to trusted mode again

John,

Oops, I forgot (again) to mention: nice hat!!


Pete

Pete
0 Kudos
Reply
Darren Prior
Honored Contributor

‎12-19-2003 01:24 AM

‎12-19-2003 01:24 AM

Re: converting to trusted mode again

John,

yes - it will be those comments in /etc/passwd!
At that part of the conversion it will have been struggling to find the right dir for the first letter of their login...

regards,

Darren.
Calm down. It's only ones and zeros...
Reply
John Carr_2
Honored Contributor

‎12-19-2003 01:26 AM

‎12-19-2003 01:26 AM

Re: converting to trusted mode again

Hi

all sorted and YES it was the comment lines.
also there was a bad login account with no home directory but this did not stop the conversion.

thanks for the help - thread closed

:-) John.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.