HPE Community
Operating System - HP-UX
1825712 Members
3118 Online
109686 Solutions
New Discussion

reactivation of disabled accounts

 
SOLVED
Go to solution
yurika
Occasional Advisor

‎05-26-2005 06:44 AM

‎05-26-2005 06:44 AM

reactivation of disabled accounts

I got a bit overzealous trying to clean up user accounts on our HPUX 11i systems. I turned on global password aging expiration using SAM. after doing so, I went back to reactivate some accounts for some users.....even some of the system accounts.

Now I am trying to disable those accounts that are supposed to be disabled, such as sys, adm, daemon, lp...etc. I have a system which I haven't done this to, and I would like to copy their /tcb/files/auth/[daemon] file over to restore the default. is this a wise move? or is there a better way to restore.

the default i believe is supposed to have no password, an * indicating that the account is disabled.

Thank you in advance.
Yurika
0 Kudos
8 REPLIES 8
Doug O'Leary
Honored Contributor

‎05-26-2005 07:27 AM

‎05-26-2005 07:27 AM

Re: reactivation of disabled accounts

Hey;

for user in sys adm daemon lp
do
echo ${user}
passwd -l ${user}
modprpw -e ${user}
done

HTH;

Doug

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
0 Kudos
yurika
Occasional Advisor

‎05-26-2005 07:37 AM

‎05-26-2005 07:37 AM

Re: reactivation of disabled accounts

modprpw is not found when I try to excute it.
my system IS in trusted mode, what else could be preventing me from finding the command?

Thank you,
0 Kudos
Rick Garland
Honored Contributor

‎05-26-2005 07:39 AM

‎05-26-2005 07:39 AM

Re: reactivation of disabled accounts

If you have trusted system, all passwds are * in the /etc/passwd file.

This does not indicate that the account is disabled.
0 Kudos
erics_1
Honored Contributor

‎05-26-2005 07:42 AM

‎05-26-2005 07:42 AM

Re: reactivation of disabled accounts

/usr/lbin/modprpw
0 Kudos
Kent Ostby
Honored Contributor

‎05-26-2005 07:47 AM

‎05-26-2005 07:47 AM

Re: reactivation of disabled accounts

yudi ... check out this document . It has some good tips for troubleshooting this type of issue: KBRC00010639
"Well, actually, she is a rocket scientist" -- Steve Martin in "Roxanne"
0 Kudos
Denver Osborn
Honored Contributor

‎05-26-2005 07:52 AM

‎05-26-2005 07:52 AM

Solution

Re: reactivation of disabled accounts

For those system accounts (daemon, bin, adm...) you could also move aside the users protected passwd file and running pwconv will recreate it. the prpw entry will now be set to an "*", pretty much where they were before you made the global change.

ex:
mv /tcb/auth/files/d/daemon /tmp
pwconv


hope this helps,
-denver
0 Kudos
yurika
Occasional Advisor

‎05-26-2005 08:00 AM

‎05-26-2005 08:00 AM

Re: reactivation of disabled accounts

Thank you all for all your help!
the update secure password facility, pwconv seems to do the trick!
Yurika
0 Kudos
yurika
Occasional Advisor

‎05-26-2005 08:01 AM

‎05-26-2005 08:01 AM

Re: reactivation of disabled accounts

thank you!
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.