HPE Community
Operating System - HP-UX
1833788 Members
2230 Online
110063 Solutions
New Discussion

pwconvert

 
Phillip Popp
Regular Advisor

‎01-25-2006 10:12 AM

‎01-25-2006 10:12 AM

pwconvert

Hi,
I am new to unix. I am running hp unix 10.2 When I was logged in as root, pwconvert was accidently typed in by a solaris admin person. It created a trusetd server. However, when ever I try to log in as root, it says the user is disabled. it does not ask me to reset the password. this also happens with sys, and adm. lower lever users passwords were expired and I had to reset. I did not get that oppertunity with the root password. So I have a server, where My root password does not work, and no other users have super user permissions. I need a get around of some kind to the trusted system.

Please help, I have critical data downloaded every day to this server. The data gets downloaded with a password that is disabled.

I did not configure this system, and can not find any back door to get around not having a root password.

Thanks,

Phil
0 Kudos
Reply
10 REPLIES 10
Bill Hassell
Honored Contributor

‎01-25-2006 02:21 PM

‎01-25-2006 02:21 PM

Re: pwconvert

It sounds like all users are lcoked out, something that is standard with tsconvert. In order to enable all the accounts, you need to run /usr/lbin/modprpw -V. Since you cannot get to a superuser login, your only choice is to shutdown everything you can with the users that are still logged in and then reboot into single user mode. Once in single user mode, run fsck on the lvol for /usr, then mount it (mount /usr). Now you can refresh all the expired passwords for all users.


Bill Hassell, sysadmin
0 Kudos
Reply
Jan de Haas_3
Frequent Advisor

‎01-25-2006 02:50 PM

‎01-25-2006 02:50 PM

Re: pwconvert

If you don't want a trusted system. You can easily revert to a non-trusted state by giving a :
# /usr/lbin/tsconvert -r

0 Kudos
Reply
Nguyen Anh Tien
Honored Contributor

‎01-25-2006 03:42 PM

‎01-25-2006 03:42 PM

Re: pwconvert

HI Phillip
You can connect to server by console and can reset you password.
After reset password. You can convert to normal mode by
#tsconvert -r
HTH
tienna
HP is simple
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎01-25-2006 10:56 PM

‎01-25-2006 10:56 PM

Re: pwconvert

Areyou sure that the admin typed pwconvert or possibly pwconv? There is no command pwconvert in 10.20 and the pwconv command is only part of the Shadow Password product (not avaiable for 10.20). The only command that will create a Trusted system is tsconvert. Your system is Trusted if (only if) there is a /tcb directory.


Bill Hassell, sysadmin
0 Kudos
Reply
Phillip Popp
Regular Advisor

‎01-26-2006 01:51 AM

‎01-26-2006 01:51 AM

Re: pwconvert

Hi Bill,
I guess I am not exactly sure what he typed, however, I definately have a tcb/directory now. On your reboot directions, do I need to reboot from a tape backup, or can I just shutdown and then turn on and go into single user mode?

Thanks,

Phil
0 Kudos
Reply
John Waller
Esteemed Contributor

‎01-26-2006 02:56 AM

‎01-26-2006 02:56 AM

Re: pwconvert

Phil,

If you have "broken" your root account unless you have an alternate admin account you will have to close down what you can then unfortunatly either switch off your server or from the console permform a +B then RS to restart your server, interupt at the 10 second warning, and boot with the hpux -is command.
0 Kudos
Reply
Phillip Popp
Regular Advisor

‎01-26-2006 03:13 AM

‎01-26-2006 03:13 AM

Re: pwconvert

Ok,
So I should not need a recovery tape? Just reboot , interrupt (what is the keystroke for that), then hpux -is and I will be a superuser again? Then can I do a /usr/lbin/modprpw -V command?

Thanks,

Phil
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎01-26-2006 03:29 AM

‎01-26-2006 03:29 AM

Re: pwconvert

Correct. Booting into single user mode gives you a minimum system with no mounted filesystems except/and /stand. You normally don't have to login with single user mode so you are superuser as soon as the shell prompt appears. You'llneed to mount /usr so just type mount /usr. You'll get a message that fsck must be run on this lvol, so run

fsck /dev/vg00/rlvolX

where X is the lvol number for /usr. Then reissue the mount command and run the modprpw -V command. That should activate all the accounts.


Bill Hassell, sysadmin
0 Kudos
Reply
John Waller
Esteemed Contributor

‎01-26-2006 03:32 AM

‎01-26-2006 03:32 AM

Re: pwconvert

Phil,

No you won't need a tape.

When the system restarts after either a switch off or a RS it will perform various self tests then eventually the console will display a message telling you it is about to boot and to hit any key within 10 seconds to interupt. At that point hit the space bar or any other standard key. You will then get a CM prompt. type bo and at the message interact with IPL enter Y
At the next prompt enter hpux -is
The system will then boot and will eventually display the # prompt. At this point you are in single user mode. You will only have / mounted and vg00 active. You can enter a mount -a to mount the rest of the vg00 filesystems. You may need to run fsck -F vxfs /dev/vg00/rlvol to clean any dirty filesystems.
Once you have reset the root password with the passwd command, you should issue a reboot -r command and let it continue uninterupted. The system will then reboot and you should then be able to login as normal. I'm not sure if you can run the tsconvert -r command is single user mode (perhaps sombody could confirm this for Phil).
0 Kudos
Reply
Phillip Popp
Regular Advisor

‎01-26-2006 07:30 AM

‎01-26-2006 07:30 AM

Re: pwconvert

Guys,
Thanks, I got in in single user mode, shut off the trusted system, and all my passwords reverted back to the origional set up. I could not have done it without your help.

Thanks again.

Phil
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.