HPE Community
Operating System - HP-UX
1834644 Members
2512 Online
110069 Solutions
New Discussion

Re: Password Expiration

 
SOLVED
Go to solution
Global Server Operation
Frequent Advisor

‎04-24-2002 07:19 AM

‎04-24-2002 07:19 AM

Password Expiration

I have a N4000 server running 11.i in a trusted host environment. Password aging is set to 90 days and users are having trouble creating new password. They get the password expiration message but when they are asked to enter their old password to create a new password the system says "sorry password not found" or "Login aborted due to no password" errors?

Any suggestions to resolve this problem will be very helpful.
0 Kudos
Reply
16 REPLIES 16
Craig Rants
Honored Contributor

‎04-24-2002 07:22 AM

‎04-24-2002 07:22 AM

Re: Password Expiration

Run authck -p, see what that output says, possibly there is a problem with the protected password database.

C
"In theory, there is no difference between theory and practice. But, in practice, there is. " Jan L.A. van de Snepscheut
0 Kudos
Reply
S.K. Chan
Honored Contributor

‎04-24-2002 07:28 AM

‎04-24-2002 07:28 AM

Re: Password Expiration

If the got more than 8 chars in the "old" password, ask him to just entered the first 8 chars.
0 Kudos
Reply
Uday_S_Ankolekar
Honored Contributor

‎04-24-2002 07:28 AM

‎04-24-2002 07:28 AM

Re: Password Expiration

Hi,

It looks like password database is corrupted as Craig mentioned. If nothing works try converting server to untrusted and then try trusting it again.

/usr/lbin/tsconvert -r will unconvert the server

/usr/lbin/tsconvert -c to convert it back.

-Goodluck
-USA..
Good Luck..
0 Kudos
Reply
Global Server Operation
Frequent Advisor

‎04-24-2002 07:40 AM

‎04-24-2002 07:40 AM

Re: Password Expiration

I tried the authck -p and I get nothing back.
0 Kudos
Reply
Global Server Operation
Frequent Advisor

‎04-24-2002 07:43 AM

‎04-24-2002 07:43 AM

Re: Password Expiration

I also unconverted and converted the trusted host. The only thing I can't confirm right now is if the users who are experiencing the problem have passwords longer than 8 characters. If this is the case with passwords more thatn 8 characters, could this be the problem?
0 Kudos
Reply
Global Server Operation
Frequent Advisor

‎04-24-2002 07:43 AM

‎04-24-2002 07:43 AM

Re: Password Expiration

I also unconverted and converted the trusted host. The only thing I can't confirm right now is if the users who are experiencing the problem have passwords longer than 8 characters. If this is the case with passwords more thatn 8 characters, could this be the problem and why?
0 Kudos
Reply
David Burgess
Esteemed Contributor

‎04-24-2002 07:48 AM

‎04-24-2002 07:48 AM

Re: Password Expiration

Can root change the users passwords?
passwd
passwd -f will force the user to change their password on next login.

If root can login surely the database isn't corrupt?

Regards,

Dave.
0 Kudos
Reply
S.K. Chan
Honored Contributor

‎04-24-2002 07:53 AM

‎04-24-2002 07:53 AM

Solution

Re: Password Expiration

The reason why I suggest the "8 char" thing is that if the user has had the password unchanged since the system was untrusted till now, which is trusted, then the way password encryption works on a trusted and untrusted environment differs. Since trusted system has capability to encrypt more than 8 chars, trying to change the password which was encrypted in an untrusted system will result in a mis-match. This is ONLY true if say userA had a more than 8 char password when the system was untrusted, and now when the system went to trusted, userA wants to change the password. Am I making any sense ?
Reply
Global Server Operation
Frequent Advisor

‎04-24-2002 07:57 AM

‎04-24-2002 07:57 AM

Re: Password Expiration

Root is allowed to change the password and persons we have given su priviledges to are allowed to change the password.
0 Kudos
Reply
David Burgess
Esteemed Contributor

‎04-24-2002 08:11 AM

‎04-24-2002 08:11 AM

Re: Password Expiration

Therefore if you change a users password to less than 8 characters and force them to change it on login, can they then change their password?

Dave.
0 Kudos
Reply
Global Server Operation
Frequent Advisor

‎04-24-2002 08:22 AM

‎04-24-2002 08:22 AM

Re: Password Expiration

I'm waiting from feedback from the customer regarding the number of characters in the old passwords and the new passwords that have been created in a trusted host. I do know that when a customer called in yesterday with the same problem, another system administrator was able to change a user's password which was a 9 character password and create a new password containing 9 characters.

From the previous response, I'm assuming that since the password change was done in a trusted environment we should not have the same problem 90 days from now when the system will expire the user's password.

The situation before was that the users password was created in a non- trusted enviroment and then the system was converted to trusted a few weeks later.
0 Kudos
Reply
Craig Rants
Honored Contributor

‎04-24-2002 08:29 AM

‎04-24-2002 08:29 AM

Re: Password Expiration

To test this out I would do the following

cd /tcb/files/auth/

then vi a users file lets sa s/sj1234

replace the hash between = and : i.e.. :u_pwd=rurCWlXw1t7jg:\ with
:u_pwd=:
Then have them try changing their password then. What this does is to wipe out the old password, so their if it is 9 char that won't come into play, they then will have to enter a 8 char password with a special character.

C
"In theory, there is no difference between theory and practice. But, in practice, there is. " Jan L.A. van de Snepscheut
0 Kudos
Reply
pap
Respected Contributor

‎04-24-2002 10:56 AM

‎04-24-2002 10:56 AM

Re: Password Expiration

Hi,
Root can always changes password for asll users.

just su to user and change the password for that user.

else you can edit
/tcb/files/auth/*/username

wheere * is the username's first letter and username is loginid for perticular user.

remove the encrypted password string from this file and change the password.

You can do one thing,

just unconvert the trusted system to normal and clear password filed from /etc/passwd file for all the users , then ask users to enter password they wish.

Thanks,
-pap
"Winners don't do different things , they do things differently"
0 Kudos
Reply
Global Server Operation
Frequent Advisor

‎04-28-2002 07:31 AM

‎04-28-2002 07:31 AM

Re: Password Expiration

In regards to the reply from S.K.Chan, does the mis match of encrypted password files from untrusted and trusted systems apply to all users or just the users that have more than eight characters in their passwords.
0 Kudos
Reply
S.K. Chan
Honored Contributor

‎04-28-2002 07:36 AM

‎04-28-2002 07:36 AM

Re: Password Expiration

Hi, this only affect users that had more than 8 characters password before the system was converted to trusted.
Reply
Niraj Kumar Verma
Trusted Contributor

‎04-28-2002 07:36 PM

‎04-28-2002 07:36 PM

Re: Password Expiration

Hi,

Here is my practical experience,

I was also trying to change the password for an user using the following
==============================
$ /sbin/passwd
Changing password for niraj
Invalid login name.
==============================
Then I tried

=============================
$ /usr/bin/passwd niraj
Changing password for niraj
Old NIS password:
New password:

==============================

ANd it worked !!!! ::)

After this I tried
$ which passwd
/sbin/passwd

I change my search path and it is working fine. you can also try with /usr/bin/passwd


-Niraj
Niraj.Verma@philips.com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.