HPE Community
Operating System - HP-UX
1825766 Members
2110 Online
109687 Solutions
New Discussion

How to disable aks for old root password when root wants to chage it.?

 
SOLVED
Go to solution
Omar Muñoz
Advisor

‎05-02-2005 07:47 AM

‎05-02-2005 07:47 AM

How to disable aks for old root password when root wants to chage it.?

Hi,

Someone knows how to disable that the command passwd asks for the old root password when the root wants change it in a HP-UX 11.0 Server ?

Also, sometimes the account is disable, do you know how to disable this poscies?

Thanks and Regards!!!

Omar
0 Kudos
Reply
8 REPLIES 8
Uday_S_Ankolekar
Honored Contributor

‎05-02-2005 08:04 AM

‎05-02-2005 08:04 AM

Re: How to disable aks for old root password when root wants to chage it.?

Your system is trusted and that is the security feature of a trusted system to confirm old password before you change it it a new one.

tsconvert -r will make your server untrusted.(Take backup of current /etc/passwd and /tcb directory)

once your server is untrusted then use "passwd root" command to change password

You can login to server from webconsole or normal console even if the accoutn is disabled.

Other option is to boot the server in single user mode and change the password.
Good Luck..
0 Kudos
Reply
Rick Garland
Honored Contributor

‎05-02-2005 08:12 AM

‎05-02-2005 08:12 AM

Re: How to disable aks for old root password when root wants to chage it.?

You are working in a trusted environment. These are features of trusted systems.

To disable, go back to untrusted system.
0 Kudos
Reply
Omar Muñoz
Advisor

‎05-02-2005 08:23 AM

‎05-02-2005 08:23 AM

Re: How to disable aks for old root password when root wants to chage it.?

Thanks for you help.
I do not have the commnad tsconvert on my system.
If it is necessary to have any patch or software installed for this commnand ?

Thanks in advance..
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎05-02-2005 08:27 AM

‎05-02-2005 08:27 AM

Re: How to disable aks for old root password when root wants to chage it.?

Hi Omar,

If you are root then try
/sbin/passwd root
The /usr/bin/passwd command will always ask for the old. The /sbin/passwd binary won't.

If that doesn't work then edit
/tcb/files/auth/r/root entry & remove the value. BE SURE to only remove what's between
:u_pwd= AND :\
If any of that is removed the entry will become invalid.
Then when you run passwd you will not be prompted. ALSO NEVER leave it w/o a value in there as anyone could login as root without a PW.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Nguyen Anh Tien
Honored Contributor

‎05-02-2005 10:33 AM

‎05-02-2005 10:33 AM

Solution

Re: How to disable aks for old root password when root wants to chage it.?

Trusted system always ask you old passwd when you change password. To convert your system to nomal (untrusted) by this command
#tsconvert -r
then your system will not ask you password anymore.
tienna
HP is simple
Reply
Omar Muñoz
Advisor

‎05-02-2005 10:59 AM

‎05-02-2005 10:59 AM

Re: How to disable aks for old root password when root wants to chage it.?

Thanks...

------

# /etc/tsconvert -r
Restoring /etc/passwd...
/etc/passwd restored.
Deleting at and crontab audit ID files...
At and crontab audit ID files deleted.
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎05-02-2005 01:24 PM

‎05-02-2005 01:24 PM

Re: How to disable aks for old root password when root wants to chage it.?

There are very good reasons to ask for the old password and they all have to do with security. Now if the root password keeps getting disabled, it is a sign of misuse of your system. You can always change the number of times that a bad password can be entered before the account is disabled. NOTE: you can always login as root on the console, even when root is disabled. That's the reason to have some method to get to the console.

Converting back to un-trusted removes a lot of security features. You should also look at adding sudo to your system to prevent root lockouts. With sudo, no one needs to know the root password in order to get sysadmin work done.


Bill Hassell, sysadmin
Reply
Nguyen Anh Tien
Honored Contributor

‎05-03-2005 12:52 PM

‎05-03-2005 12:52 PM

Re: How to disable aks for old root password when root wants to chage it.?

Remember to assign points to us.
thank
HP is simple
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.