HPE Community
Operating System - HP-UX
1833780 Members
2442 Online
110063 Solutions
New Discussion

Re: "rexecd: Password for this account expired."

 
Norman Lowe
Frequent Advisor

‎02-11-2003 07:38 AM

‎02-11-2003 07:38 AM

"rexecd: Password for this account expired."

User is using rexec from his PC to run an xterm from the HP UNIX server (HP_UX 11.00), but is getting the error message "rexecd: Password for this account expired.". If he tries rcmd instead of rexec, he gets "remshd: Password for this account expired."

He recently changed password and has got this error ever since, although he can log in okay using normal telnet. No other users are having the problem. The HP machine is a NIS+ client, if that's relevant.

Any ideas?
0 Kudos
Reply
11 REPLIES 11
Iain F. Brown
Valued Contributor

‎02-11-2003 03:34 PM

‎02-11-2003 03:34 PM

Re: "rexecd: Password for this account expired."

PHNE_28102 s700_800 11.00 ONC/NFS General Release/Performance Patch should fix this
Fix text:- A password expires unexpectedly in an NIS+ environment.
0 Kudos
Reply
Norman Lowe
Frequent Advisor

‎02-12-2003 09:03 AM

‎02-12-2003 09:03 AM

Re: "rexecd: Password for this account expired."

The patches part of this website seems to inaccesible at the moment, but his password has not actually expired at all - he can still log in via telnet using the current password. I've even tried changing his password again and the same error still occurs.
0 Kudos
Reply
Iain F. Brown
Valued Contributor

‎02-12-2003 09:27 AM

‎02-12-2003 09:27 AM

Re: "rexecd: Password for this account expired."

As I replied earlier the patch will correct this is the problem detail below of the known problem

When nispasswd table does not contain any shadow password info, the password structure is getting initialised to incorrect aging values,
which results in incorrect aging info when pwget is called. This results
in the expiry of password when the user logs in.

The fix was first included in 11.0 patch PHNE_24909 and
11.11 patch PHNE_24910 these patches are superceeded by PHNE_28102 and PHNE_28103

0 Kudos
Reply
Darren Prior
Honored Contributor

‎02-12-2003 09:28 AM

‎02-12-2003 09:28 AM

Re: "rexecd: Password for this account expired."

Hi Norman,

I'm afraid I have no answers, but have some questions for you :)

Have you tried changing another user's password to this password before attempting to login in the same way?

Do any other users have the same problem?

Is the HP server running as a trusted system? If so, could you attach the /tcb/files/auth/<1st letter of login>/ file for the problem user. You can remove the encrypted password field before attaching if you wish.

regards,

Darren.
Calm down. It's only ones and zeros...
0 Kudos
Reply
Norman Lowe
Frequent Advisor

‎02-12-2003 09:45 AM

‎02-12-2003 09:45 AM

Re: "rexecd: Password for this account expired."

It is not a trusted system. I have changed my password to be the same as his, but everything still works okay for me. I have changed his password to various different ones, but the problem always remains for his account. No other users are having the problem at the moment, but he reckons that some of his colleagues have had the problem in the past, but it "went away".

I repeat that there is no problem using his account with telnet - it is only when trying to use rexec, etc.
0 Kudos
Reply
Darren Prior
Honored Contributor

‎02-13-2003 07:31 AM

‎02-13-2003 07:31 AM

Re: "rexecd: Password for this account expired."

Hi Norman,

1) Is there anything unusual about the username? (characters, length)

2) Does the same rexec command from a HP-UX box result in the error?

3) Do you have any password ageing setup?

I have read about a similar case (telnet worked, rlogin, rexec didn't) which was resolved by the patch Iain mentioned earlier.

regards,

Darren.
Calm down. It's only ones and zeros...
0 Kudos
Reply
Iain F. Brown
Valued Contributor

‎02-13-2003 05:26 PM

‎02-13-2003 05:26 PM

Re: "rexecd: Password for this account expired."

This is what the Patch fixes and why it occurs.

NIS+ and trusted does not update passwd data correctly
Defect Description:
The shadow password field consists of 7 fields out of which 3 fields are related to aging (lastchg, max and min). These shadow fields are
delimited by ':'(eg.99:-1:-1:-1:-1::0, The first field corresponds to lastchg(99), the second field min(-1) and third field max(-1)):. Aging
should not be enabled when the lastchg is less than 0 OR (max AND min) are less than 0.
Irrespective of whether the system is in "Trusted mode" or "Non-Trusted mode", the interpretation of the shadow field should remain the same. The interpretation rule should
be whenever a valid number is present in one of the fields it should be converted to long and when any inconsistent character is
encountered it should be interpreted as -1.
When any character other than a valid number is encountered the field values (lastchg, max, min etc) are set to 0, instead of -1, which results in incorrect aging string. The incorrect aging string leads to the occurance of the jag. The above behaviour of setting the fields to 0 when an non-digit character is encountered, happens because of the behaviour of strtol()
function. The shadow fields are parsed and strtol() is called to convert the string to long with the base as 10. The strtol() returns zero
if the character encountered is anything other than digits (an inconsistent character with the base). When consecutive colons(:::::) are
set in shadow fields, strtol() returns zero, which is set for the fields of the shadow
column. Becuase of the the flag to disable aging is not set and aging is enabled.

0 Kudos
Reply
Norman Lowe
Frequent Advisor

‎02-14-2003 02:45 AM

‎02-14-2003 02:45 AM

Re: "rexecd: Password for this account expired."

Problem has "gone away" once again, before I could apply the patch. I will install the patch now anyway and see if the problem reoccurs later.

Thanks for your replies.
0 Kudos
Reply
Jakes Louw_1
Frequent Advisor

‎02-17-2003 05:00 AM

‎02-17-2003 05:00 AM

Re: "rexecd: Password for this account expired."

One last thing: check /etc/shells for any recent mods.
0 Kudos
Reply
Norman Lowe
Frequent Advisor

‎02-26-2003 02:04 AM

‎02-26-2003 02:04 AM

Re: "rexecd: Password for this account expired."

It turns out that this happens to anyone who changes their (NIS+) password. For a couple of days afterwards, they will always get "rexecd: Password for this account expired" when using rexec, although they can use their new password okay when using telnet, etc. After a couple of days, they are okay until the next time they have to change their password.

I have applied that patch, but it hasn't made any difference.
0 Kudos
Reply
Darren Prior
Honored Contributor

‎02-26-2003 04:31 AM

‎02-26-2003 04:31 AM

Re: "rexecd: Password for this account expired."

Hi Norman,

I think it's probably a good time to log a software call with your local HP response centre, so that they can investigate this fully.

best regards,

Darren.
Calm down. It's only ones and zeros...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.