HPE Community
Operating System - HP-UX
1835145 Members
2296 Online
110077 Solutions
New Discussion

Pb with Trusted System installation

 
Boissé
New Member

‎06-14-2005 09:26 AM

‎06-14-2005 09:26 AM

Pb with Trusted System installation

Hello,

I have some problem when turning on the trusted system on a HP-UX v11.00 server.
After turning it on via sam and logging off the server, there is no way to re-login in with any account.

Is a reboot normally needed ?

Do you know this problem ?

Thanks for help...

Sebastien
0 Kudos
Reply
13 REPLIES 13
RAC_1
Honored Contributor

‎06-14-2005 09:29 AM

‎06-14-2005 09:29 AM

Re: Pb with Trusted System installation

Did you did it through SAM?? Sure??

Do you have root session open somewhere??
If yes, /usr/lbin/modprpw -V

What is the error message that you get??

Anil
There is no substitute to HARDWORK
0 Kudos
Reply
Mel Burslan
Honored Contributor

‎06-14-2005 09:57 AM

‎06-14-2005 09:57 AM

Re: Pb with Trusted System installation

This is normally the case when you convert to trusted manually, i.e., without the help of SAM, which leaves all the accounts disabled after conversion. I am not sure why you may be experiencing the same difficulty but, it may help, before you log out, if you run

for USER in `cat/tmp/userlist`
do
/usr/lbin/modprpw -l -m alock=NO $USER
done

where /tmp/userlist contains the list of users that you know, who will need interacive access to this server.

hope this helps
________________________________
UNIX because I majored in cryptology...
0 Kudos
Reply
Ermin Borovac
Honored Contributor

‎06-14-2005 06:34 PM

‎06-14-2005 06:34 PM

Re: Pb with Trusted System installation

You should still be able to login through console as root.
0 Kudos
Reply
Boissé
New Member

‎06-14-2005 09:06 PM

‎06-14-2005 09:06 PM

Re: Pb with Trusted System installation

Thanks for your answers, but the pb is still here.

RAC :
I have tried /usr/lbin/modprpw -V because it's possible that another root session was opened elsewhere. But it doesn't change anything.

error message= "Login incorrect"


Mel Burslan :
I haven't any userlist file or folder in tmp...


I active Trusted system through Sam by clicking first on Auditing and security, then on one of the icons in the Auditing and security windows.
A window appears asking me if I want to convert into a trusted system. I answer yes.
Another window opens dealing with ACLs. I answer OK.
Then the system is converted succesfully into a trusted system.

Without loging out ( rlogin on another server, and rlogin again towards the first server. With any accounts : "login incorrect"

tsconvert -r to remove the trusted sytem and all is right again.

Sebastien

0 Kudos
Reply
C. John Soos
Occasional Contributor

‎06-15-2005 05:01 AM

‎06-15-2005 05:01 AM

Re: Pb with Trusted System installation

If your account's password was greater than 8 characters prior to trusted mode conversion type only the 1st 8 characters of the password when logging in. After initial login you can set a new password greater than 8 chars.

regards,
john
0 Kudos
Reply
Mel Burslan
Honored Contributor

‎06-15-2005 05:09 AM

‎06-15-2005 05:09 AM

Re: Pb with Trusted System installation

Sebastien,

by /tmp/userlist I meant, you need to create a file like this. Sorry that I was not clearer.

After your SAM session completes converting to trusted, try running the command I gave you above with root account only, instead of in a script. Then try your rlogin out and back in.

________________________________
UNIX because I majored in cryptology...
0 Kudos
Reply
RAC_1
Honored Contributor

‎06-15-2005 05:12 AM

‎06-15-2005 05:12 AM

Re: Pb with Trusted System installation

"login incorrect" does that happen to all users?? What does following command report.

pwck
grpck

Anil
There is no substitute to HARDWORK
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎06-15-2005 03:04 PM

‎06-15-2005 03:04 PM

Re: Pb with Trusted System installation

AS mentioned, *all* passwords on the old system are 8 characters long or less. When you convert to Trusted, the passwords are still 8 characters. The problem is that you probably type more than 8 characters and for a Trusted system, the extra character are no longer ignored. Once the system is Trusted, if you change a password to be more than 8 characters, all of the characters are now used.


Bill Hassell, sysadmin
0 Kudos
Reply
Boissé
New Member

‎06-19-2005 07:45 PM

‎06-19-2005 07:45 PM

Re: Pb with Trusted System installation

Thanks for your answers but :

I have tried all your solutions but it does not change anything.

It's not a pb with the length of the password (they are shorter than 8 characters)

"Login incorrect" happens with all users.
Nothing with pwck and grpck.

Mel, I have tried to unlock some user as you said but NO CHANGE...

I have also tried to create a new account when trusted system was turned on and to rlogin with this new user : IMPOSSIBLE : "Login incorrect"

Sebastien
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎06-20-2005 01:57 AM

‎06-20-2005 01:57 AM

Re: Pb with Trusted System installation

Check permissions for / /tcb /etc /usr /usr/bin. If someone (as root) decided to improve security by changing these top level directories, you may get a message like this (even though the real reason is not an incorrect password). Here are the correct permissions and ownerships:

drwxr-xr-x 25 root root 8192 Jun 17 10:17 //
dr-xr-xr-x 31 bin bin 8192 Jun 20 08:52 /etc/
dr-xr-x--x 3 root sys 96 Feb 26 22:05 /tcb/
drwxrwx--x 3 root sys 96 Feb 26 22:05 /tcb/files/
drwxrwx--x 55 root sys 8192 Feb 26 22:05 /tcb/files/auth/
dr-xr-xr-x 24 bin bin 8192 Feb 28 08:09 /usr/
dr-xr-xr-x 5 bin bin 16384 Mar 30 09:55 /usr/bin//


Bill Hassell, sysadmin
0 Kudos
Reply
Boissé_1
Advisor

‎06-20-2005 03:09 AM

‎06-20-2005 03:09 AM

Re: Pb with Trusted System installation

It's OK, all is right...
0 Kudos
Reply
Boissé_1
Advisor

‎06-20-2005 03:13 AM

‎06-20-2005 03:13 AM

Re: Pb with Trusted System installation

I wanted to say, I have the good permissions, the problem 's still here...
0 Kudos
Reply
Boissé_1
Advisor

‎06-20-2005 03:57 AM

‎06-20-2005 03:57 AM

Re: Pb with Trusted System installation

I have the answer, I have just seen that William Chong had got the same pb one month ago, Sorry not to have seen it before....and thanks for all your answers...

Same pb -> Same answer : nsswitch.conf >> passwd: files

Can somebody tell me if this change may change something else ??

Thanks

Sebastien
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.