- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- PAM rejected by account configuration[10]:
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-12-2006 06:56 AM
тАО07-12-2006 06:56 AM
This had no problems I couldn't address on any of my other 11.11 or 11.0 servers until the last one (an 11.0 server). On that one I did the conversion and it said it was successful. However on attempting to open a new window to verify all was OK it gave me access denied for root.
From the root window I still had open I changed the password then changed it back to the original and got it working. Later another user had the same issue. On attempting to change the password to the one they gave me it said it already had that password so I again changed it to a new one then changed it back.
The messages I see in syslog are:
Jul 12 11:31:21 rback sshd[25600]: PAM rejected by account configuration[10]: Ge
t new authentication token
Jul 12 11:31:21 rback sshd[25600]: Failed password for root from 10.80.6.17 port
1380 ssh2
For the other user:
Jul 12 11:41:55 rback sshd[26979]: PAM rejected by account configuration[10]: Ge
t new authentication token
Jul 12 11:41:55 rback sshd[26979]: Failed password for sagent from 10.40.6.83 po
rt 1728 ssh2
On doing a Google I see a similar issue on a Solaris forum that talks about IIRC and 3.3 but doesn't give any real detail.
Anyone have any ideas what would cause this? Is there a way I can proactively enable the accounts without knowing the individual passwords?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-12-2006 07:05 AM
тАО07-12-2006 07:05 AM
SolutionHow did you convert? Did you use SAM or command line. If command line, all the passwords get expired until modprpw -v is run. See this thread, particularly the last few answers:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=976830
Pete
Pete
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-12-2006 07:20 AM
тАО07-12-2006 07:20 AM
Re: PAM rejected by account configuration[10]:
Ran a script to do all users:
for USER in `awk -F: '{print $1}' /etc/passwd`
do echo Updating $USER
/usr/lbin/modprpw -v $USER
sleep 1
done
Hopefully that will prevent more calls. Oddly enough I did find at least one user that did NOT experience the problem. In answer to your question I did the convert via SAM. As mentioned I had done this on other servers including another 11.0 without issue. Perhaps there is a difference in patching that made SAM act like the command line on this particular server.
I had looked at the /tcb/files/auth/*/* files for the users in questions but didn't see any information indicating they were locked.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-12-2006 08:01 AM
тАО07-12-2006 08:01 AM
Re: PAM rejected by account configuration[10]:
The script by the way is being run because we are turning on aging etc... for NEW users so we can implement individual accounts with sudo access to global accounts. We don't want to do aging on existing accounts until we're done at which point will set the global accounts to something like "*" so that users can't login directly to those accounts.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-04-2007 01:17 AM
тАО05-04-2007 01:17 AM