HPE Community
Operating System - HP-UX
1844033 Members
2663 Online
110226 Solutions
New Discussion

Problems with ShadowPassword

 
Skip Ford
Advisor

‎05-13-2004 08:22 AM

‎05-13-2004 08:22 AM

Problems with ShadowPassword

I'm running HP-UX 11.11 on a 785 workstation. When I turn on password shadowing with the pwconv command, it locks out all users from logging in. When I installed it I received warnings stating that swinstall could only mark 19 of 21 filesets for installation. The reason given for them being skipped were:

The fileset was skipped since there was not base fileset on the system and that some patches were superceeded by existing patches already on the system.

is anyone having the same problem.
0 Kudos
Reply
12 REPLIES 12
Navin Bhat_2
Trusted Contributor

‎05-13-2004 08:31 AM

‎05-13-2004 08:31 AM

Re: Problems with ShadowPassword

Is this a trusted system/non-trusted system right now?
0 Kudos
Reply
Skip Ford
Advisor

‎05-13-2004 08:42 AM - last edited on ‎09-16-2024 02:21 AM by

‎05-13-2004 08:42 AM - last edited on ‎09-16-2024 02:21 AM by

Re: Problems with ShadowPassword

It's non-trusted. Trusted mode is not an option.
0 Kudos
Reply
Skip Ford
Advisor

‎05-13-2004 08:52 AM

‎05-13-2004 08:52 AM

Re: Problems with ShadowPassword

In the installation instructions it says:

"Once the patches are installed, the system can be converted to use shadow passwords by running the pwconv(1m) command. This will convert the entries in the /etc/passwd file into the appropriate format in the /etc/shadow file.

Then it says:
"Reboot the system - shadow passwords should be available"

Do I reboot then run pwconv or the other way around.
0 Kudos
Reply
Navin Bhat_2
Trusted Contributor

‎05-13-2004 08:56 AM

‎05-13-2004 08:56 AM

Re: Problems with ShadowPassword

yes after pwconv the system should be rebooted. Also verify that you have the latest pwconv cumulative patch.
0 Kudos
Reply
Dani Seely
Valued Contributor

‎05-13-2004 09:01 AM

‎05-13-2004 09:01 AM

Re: Problems with ShadowPassword

Hey Skip,
No, I've not seen this problem before but I have a few questions and suggestions:

Some of the patches require other patches as a pre-requisite. Was there any notice that a pre-requisite patch is not installed.

First of all, any reason why not to just implement trusted mode on your system?

Do you have ftp, telnet or Secure Shell access to the system? Try to access this system remotely. If you can get into the system remotely (telnet or SSH), as root, kill the minimal getty for consoles and then try to login at the console:
# killall mingetty
Together We Stand!
0 Kudos
Reply
Skip Ford
Advisor

‎05-14-2004 12:35 AM

‎05-14-2004 12:35 AM

Re: Problems with ShadowPassword

After examining the install log I didn't see any indication of pre-requisite patches. I'll take another look.

The power that be don't want to convert to trusted system. Go figure.

Yes I do have telnet, ftp access. I can't acces it via them as well. I get the same error.
0 Kudos
Reply
John Carr_2
Honored Contributor

‎05-14-2004 12:52 AM

‎05-14-2004 12:52 AM

Re: Problems with ShadowPassword

HP recommend using SAM to do this which performs a number of checks. If you want to shadow from the command line

/usr/lbin/tsconvert
/usr/lbin/modprpw -V

John.
0 Kudos
Reply
John Carr_2
Honored Contributor

‎05-14-2004 12:55 AM

‎05-14-2004 12:55 AM

Re: Problems with ShadowPassword

Another problem you may have is if the password was more than 8 characters the tsconvert truncates the password to 8 charaters and makes it unusable. Unless the user enters just the first 8 characters and then I am told it works but have not tried.

john.
0 Kudos
Reply
John Carr_2
Honored Contributor

‎05-14-2004 01:04 AM

‎05-14-2004 01:04 AM

Re: Problems with ShadowPassword

Skip

also you need the latest patches if not already installed

PHCO_28176
PHCO_27011

follow this thread to get them and type tsconvert in the search box

http://www4.itrc.hp.com/service/patch/search.do?BC=patch.breadcrumb.main|&pageContextName=hpux:::

John.
0 Kudos
Reply
Joe Short
Super Advisor

‎07-27-2004 04:25 AM

‎07-27-2004 04:25 AM

Re: Problems with ShadowPassword

I am running into the exct same problem.
The situation is this. I have 2 rp7410 servers. They are configured in an MC/Service Guard eRac cluster. Except for 2 differences, they are identical. Those differences are that one has more CPUs, memory, and is a Data Protector cell manager.
On the first (cell manager), I installed the Shadow Password bundle, and executed the pwconv command. The process was successful.
On the second, I install the bundle, and execute the command, and am no longer allowed to login, I get an invalid password error. I am following the instructions to the letter, all prequisite patches are installed successfuly. However, I am unable to successfully convert to a shadowed password system.
0 Kudos
Reply
Ron Luman_1
Occasional Advisor

‎07-29-2004 07:13 AM

‎07-29-2004 07:13 AM

Re: Problems with ShadowPassword

Skip: The fileset warnings do not necessarily indicate a problem. There are a couple of patches in the shadow bundle that update optional base components such as CDE. If these are not installed, then the updates won't be installed.

Joe: Compare the /etc/passwd and /etc/shadow files on the two systems. Specifically the second field in each file. Do they look about the same? Any obvious differences?


Cheers,

--Ron
0 Kudos
Reply
Joe Short
Super Advisor

‎07-29-2004 08:20 AM

‎07-29-2004 08:20 AM

Re: Problems with ShadowPassword

Ron,

Thanks. I found my problem. It was the file /etc/nsswitch.conf
It had passwd and groups set to "compat" not files. I made the change and everything works. Now if only I could assign some points for the help I received...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.