HPE Community
Operating System - HP-UX
1833043 Members
2384 Online
110049 Solutions
New Discussion

Password reset to trusted system

 
Renante M. Yu_1
Occasional Advisor

‎07-11-2003 11:15 PM

‎07-11-2003 11:15 PM

Password reset to trusted system

Hi, I need to restore the password of the account sapr3 in my hpux 11.00 box. After converting the server to trusted system. I cannot reset the password of sapr3 to (example.."aaaa"). This is due to, the sapr3 account's password was hardcoded in the DB so that we need to restore it.
Please help.
Only dead people have seen peace
0 Kudos
Reply
5 REPLIES 5
steven Burgess_2
Honored Contributor

‎07-12-2003 01:49 AM

‎07-12-2003 01:49 AM

Re: Password reset to trusted system

Hi

There are 3 choices I suppose

1. Restore /etc/passwd to /tmp from tape before you made the system secure then cut the password field from the old passwd file then paste into password field for that particular user in /tcb/files/auth/[a-zA-Z]/ file

2. /usr/lbin/tsconvert -r to unconvert then reset users password , copy password entry etc

3. Set the security policy to allow users to pick there own passwords. I have never done this but syntax is something like /usr/lbin/modprpw -usrpick=yes. I haven't got a system that I can test on though

HTH

Steve
take your time and think things through
0 Kudos
Reply
Kiran Kumar Aekabote
Frequent Advisor

‎07-12-2003 01:55 AM

‎07-12-2003 01:55 AM

Re: Password reset to trusted system

Hi

On trusted system to reset password, run the command as root or root previliages

#passwd sapr3

pick the passwd option (p)
set the new password as old password.

If the system is not allowed to set the old password, u need to change the password policy for the "sapr3" as below

Run SAM and go to users-> select the "sapr3" a/c from actions tab select Modify users security policies.

From this select the password ageing policies and set to "disable".

select General user account policies and set the following as:
1.A/c life time :None(infinite)
2.Max. inactive days: disable(default)
3.Unsuccessful login tries allowed: customize and value to be set to 0 (zero)
4.Authorised user to boot in single user mode : no

for more info see the man pages
You Just can't beat ME
0 Kudos
Reply
steven Burgess_2
Honored Contributor

‎07-12-2003 02:12 AM

‎07-12-2003 02:12 AM

Re: Password reset to trusted system

scchheeeezz. Why have I gone round the houses

just reset the password

/usr/lbin/modprpw -x

login as the user then set the old password

wakey wakey

Steve
take your time and think things through
0 Kudos
Reply
Caesar_3
Esteemed Contributor

‎07-12-2003 06:33 AM

‎07-12-2003 06:33 AM

Re: Password reset to trusted system

Hello!

Convert back from the trusted then change the
password and after convert again to trusted.

Caesar
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎07-12-2003 08:53 AM

‎07-12-2003 08:53 AM

Re: Password reset to trusted system

Hi Renente,

By default trusted systems will not allow weak passwords. Password must contain at least two alphabetic haracters and at least one numeric or special character. If your old password does not obey that rule, then you cannot change the password.

Also, there may be security policies like minimum time between password changes etc., that are not allowing you to change the password. Use sam and go to Accounts and Groups and select the sapr3 user. You can find the "security policies" in the Actions menu. Look at them and see any of them are interfering with what you are doing.

If none of the above worked, unconvert the system "/usr/lbin/tsconvert -r". Change and get the encrypted password of the user and save it somewhere. Convert the system back and disable password expiry. "/usr/lbin/modprpw -m "exptm=0" (or SAM). You can always edit /tcb/files/auth/s/sapr3 file and change the encrypted entry there. But you have to be very careful otherwise, you may mess up the trusted database integrity.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.