Operating System - HP-UX

$ passwd vs called by system

 
Jeff Hargiss
Advisor

had a user account expire, and when reset new password is generated by system [OK, normal]

then user is forced to change password 1st time they log on [OK,normal]

user does NOT get the menu to choose whether to create their own, or let system choose - always goes straight to system choosing [abnormal?]

global security settings are to allow users to choose either sysgen'd or their pick.
[no individual security settings by account - just global]

/etc/default/security rules are in place and they are followed when user runs passwd.

clues?
illegitmus non corrundum
6 REPLIES
Joseph Loo
Honored Contributor

Re: $ passwd vs called by system

hi,

i believe you are on trusted? if so, proceed to SAM, check

Auditing and Security -> System Security Policies -> Password Format Policies -> what is selected for Password Selection Options?

also, when the user performs a passwd command, does the menu appear?

regards.
what you do not see does not mean you should not believe
generic_1
Respected Contributor

Re: $ passwd vs called by system

/usr/lbin/getprpw username will tell you a lot about security options on a user account and its status.
Jeff Hargiss
Advisor

Re: $ passwd vs called by system

yes - this is trusted hp-ux 11i.

the parameters are set to allow user to pick, system to gen [special chars].

no menu is shown when the system is forcing a password change at the first login after you reset user password in sam and sam gives you a one time initial password for the user.
illegitmus non corrundum
Jeff Hargiss
Advisor

Re: $ passwd vs called by system

forgot to clarify that this is only an issue when sam is gen'ing the password.

when user runs passwd from their shell, the menu appears allowing them to pick and everything works fine.

i will go back and audit all of the user accounts to make sure they are all defaulting to the system default and not having any local account parameters installed.

thanks!

illegitmus non corrundum
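An added example, not part of the thread: one way to do the per-account audit mentioned in the post above, by flagging accounts whose password-selection fields are not left at the system default. It assumes `getprpw` prints `field=value` pairs with `DFT` meaning "use the system default"; the field list, function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Password-selection fields to check (assumed getprpw field names).
FIELDS="usrpick syspnpw syschpw sysltpw"

# overrides USER "field=value, field=value, ..."
# Prints "USER field=value" for each selection field not left at DFT.
overrides() {
    user=$1
    printf '%s\n' "$2" | tr ',' '\n' | while IFS='=' read -r key val; do
        key=$(printf '%s' "$key" | tr -d ' ')
        val=$(printf '%s' "$val" | tr -d ' ')
        for f in $FIELDS; do
            if [ "$key" = "$f" ] && [ "$val" != "DFT" ]; then
                printf '%s %s=%s\n' "$user" "$key" "$val"
            fi
        done
    done
}

# audit: reads "user|getprpw-output" lines on stdin, reports overrides.
audit() {
    while IFS='|' read -r user line; do
        overrides "$user" "$line"
    done
}

# Constructed sample input standing in for real getprpw output.
sample_data() {
cat <<'EOF'
jdoe|usrpick=DFT, syspnpw=DFT, syschpw=DFT, sysltpw=DFT
asmith|usrpick=NO, syspnpw=YES, syschpw=DFT, sysltpw=DFT
EOF
}

# On a trusted system the input could be built like this (assumption,
# run as root):
#   for u in $(cut -d: -f1 /etc/passwd); do
#     printf '%s|%s\n' "$u" \
#       "$(/usr/lbin/getprpw -m usrpick,syspnpw,syschpw,sysltpw "$u")"
#   done | audit
sample_data | audit
```

No output for an account means all four fields are inherited from the system-wide policy.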
Joseph Loo
Honored Contributor

Re: $ passwd vs called by system

hi,

let me get it straight. the problem only occurs after you access SAM and reset the password of a particular user.

i tried to reproduce your case but did not get your error. confirm, using the command Jeff gave, /usr/lbin/getprpw, whether the parameter alock is NO and lockout is 0000000.

may i know how the user gets access, i.e. ssh, telnet, etc., to change their password?

the last question is of course, have you been patching this server?

regards.
what you do not see does not mean you should not believe
Jeff Hargiss
Advisor

Re: $ passwd vs called by system

thanks everyone for the help!

i checked the alock, all are NO.
the lockout was all 0 except for one old account.

using telnet for access.

patches are current [as of the last cd release].

the issue happens when an account has expired/locked and a new password is issued by sam.

you get the same result if you use sam to reset the password.

you do not get this result if you do a passwd as root on behalf of the user in a shell account.

illegitmus non corrundum