HPE Community
Operating System - HP-UX
1837943 Members
4099 Online
110124 Solutions
New Discussion

Passwords not working on trusted system

 
SOLVED
Go to solution
John Peace
Frequent Advisor

‎03-28-2003 05:04 AM

‎03-28-2003 05:04 AM

Passwords not working on trusted system

HPUX11.11i March 2003
HP L3000

I have installed the OS from scratch on (2) L3000 machines. Everything goes fine until I convert to a trusted system. Once I do, none of the passwords work. This is happening on both machines. Step I have taken that have not fixed the problem. Every time I change the password. I change it to 1fast1 or Audi0vnt. (I don???t use these on production systems, only here for ease while troubleshooting this problem)

1. Power off machine, interrupt, and go into single user mode. Change password (It also asks for old password and the password works when I put it in.). I reboot and the new password does not work.
2. Power off machine, interrupt, and go to single user mode. Mount /usr and /var. Run /usr/lbin/tsconvert ???r. Change password. Run /usr/lbin/tsconvert. Reboot machine. Password does not work.
3. Power off machine, interrupt, and go to single user mode. Mount /usr and /var. Run /usr/lbin/tsconvert ???r. Reboot machine. Password works. I then convert to trusted mode. Reboot machine. Password does not work.
4. Power off machine, interrupt, and go to single user mode. Mount /usr and /var. Run /usr/bin/vi /tcb/files/auth/r/root. I deleted out the password. Save file and reset password. Reboot machine does not work.

What am I missing?
0 Kudos
Reply
8 REPLIES 8
Michael Steele_2
Honored Contributor

‎03-28-2003 05:18 AM

‎03-28-2003 05:18 AM

Re: Passwords not working on trusted system

Try:

authck -p (* verifies the protected password file for corruption *)

Any 8 character passwords? This should pick it up.

tsconvert -r (* uncovert *)

getprpw (* if alock = yes then account is disabled *)
Support Fatherhood - Stop Family Law
0 Kudos
Reply
John Peace
Frequent Advisor

‎03-28-2003 05:41 AM

‎03-28-2003 05:41 AM

Re: Passwords not working on trusted system

I powered machine down and booted into single user mode. I ran /usr/sbin/authck -p. It returned nothing. I changed the root password to Audi0vnt. I then ran /usr/lbin/getprpw root. Got...user passowrd file not found: root.
I looked in /tcb/files/auth/r/root and it is there. /etc/passwd file also looks good. Rebooted machine. Password does not work.
0 Kudos
Reply
Stuart Abramson_2
Honored Contributor

‎03-28-2003 06:18 AM

‎03-28-2003 06:18 AM

Re: Passwords not working on trusted system

Did you try "modprpw"?

If you get the following error message on remshd to a trusted system:

remshd: login disallowed (audit error)

Then:

cd /tcb/files/auth/system
ll

total 10
-rw-rw-r-- 1 root root 404 Jun 8 07:46 default
-rw-rw-r-- 1 root sys 3 Jun 13 10:23 maxaid
-rw-rw-r-- 1 root sys 2552 Jun 19 10:34 pw_id_map

rm pw_id_map

The system will recreate the file.

Sometimes that fixes up little problems.

0 Kudos
Reply
Darren Prior
Honored Contributor

‎03-28-2003 06:30 AM

‎03-28-2003 06:30 AM

Re: Passwords not working on trusted system

Hi John,

Do you have any lock files for these users? Lock files will be be named after the user and end in -t and live in the /tcb/files/auth/r/root for root, or the appropriate lettered dir for other users.

Is this system using NIS+?

It might be useful if you could include the /tcb/files/auth/r/root file when it has successfully accepted your test password - attach it to your next post.

Also, the supported method of trusting and untrusting a system is via SAM.

regards,

Darren.
Calm down. It's only ones and zeros...
0 Kudos
Reply
John Peace
Frequent Advisor

‎03-28-2003 06:46 AM

‎03-28-2003 06:46 AM

Re: Passwords not working on trusted system

Power off machine and rebooted into single user mode. Mounted /usr and /var. Ran #/usr/lbin/modprpw root
#
Looked in /tcb/files/auth/system
#ll
-rw-rw-r-- 1 root root 382 Mar 28 08:31 default
-rw-rw-r-- 1 root root 3 Mar 28 08:31 maxid

I then changed the root password.
#passwd root
Changing password for root
Old password:
Last successful password change for root: NEVER (I have changed this many times)
Last unsuccessful password change for root: Fri Mar 28 09:27:42 2003
Do you want (choose one letter only)
pronounceable passwords generated for you (g)
a string of letters generated: (l) ?
to pick your passwords (p)
Enter your choice here: p
New password: ######
Re-enter password: ######
Password successfully changed

I then ran passwd root again. The last successful password change was the current time and date.
I rebooted machine and password does not work.
There is not a lock file for root. I used SAM to initially convert the system to trusted mode. I have also used it a couple times after I untrust and reboot system. The passwords work untrusted, but not trusted. The initial time I trusted the systems, the only security setting I changed was the max character allowed for logins. I changed it from 8 to 12. All the passwords I have tried have been 8 or less. I will post /tcb/files/auth/r/root after I reboot to single user mode.
0 Kudos
Reply
Dan Vowell
Occasional Advisor

‎03-28-2003 07:01 AM

‎03-28-2003 07:01 AM

Solution

Re: Passwords not working on trusted system

Edit /etc/nsswitch.conf and
change password entry

from: passwd compat

to: passwd files

That should allow root and
non-root users to login
successfully.

Dan Vowell/ASE
Sr Technical Consultant
HP/FedEx Global Account
"Your mileage may vary"
Reply
John Peace
Frequent Advisor

‎03-28-2003 07:01 AM

‎03-28-2003 07:01 AM

Re: Passwords not working on trusted system

#cat /tcb/files/auth/r/root

root:u_name=root:u_id#0: :u_pwd=EmXnJmjCUmpi.: :u_boothauth:u_auditid#0: :u_auditflag#1: :u_succhg#1048861757:u_unsucchg#1048861933:u_pswduser=root:u_suclog#104858297: :u_lock@:chkent:

Booted to single user mode.
0 Kudos
Reply
John Peace
Frequent Advisor

‎03-28-2003 07:22 AM

‎03-28-2003 07:22 AM

Re: Passwords not working on trusted system

Thanks Dan that did it.
I am using nsswitch.conf for the first time to reslove from /etc/hosts first. Guess I better look at this file more closely.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.