HPE Community
Operating System - HP-UX
1827366 Members
5863 Online
109963 Solutions
New Discussion

Re: Root account deactivated

 
SOLVED
Go to solution
Ricky_2
Frequent Advisor

‎06-05-2003 06:50 PM

‎06-05-2003 06:50 PM

Root account deactivated

Hi, I've a few trusted systems running on 10.20. How can I prevent the root account from being deactivated from too many failed login attempts? Thanks.
0 Kudos
Reply
8 REPLIES 8
steven Burgess_2
Honored Contributor

‎06-05-2003 06:57 PM

‎06-05-2003 06:57 PM

Re: Root account deactivated

Hi Ricky

/usr/lbin/tsconvert -r

Thats half the purpose of the trusted system, to disable an account following to many incorrect logins.

If you touch /etc/securetty it will stop remote logins and only allow direct access from the console

Sounds like to many people have root access

HTH

Steve
take your time and think things through
0 Kudos
Reply
Animesh Chakraborty
Honored Contributor

‎06-05-2003 06:59 PM

‎06-05-2003 06:59 PM

Re: Root account deactivated

Hi,
Go to sam -> Audit & Security ->System security Policy -->General user account policy -->Unsuccessful Login Tries Allowed:_5_
Did you take a backup?
Reply
Ricky_2
Frequent Advisor

‎06-05-2003 07:07 PM

‎06-05-2003 07:07 PM

Re: Root account deactivated

Hi, thanks for the prompt responses. It's just too bad that more than a few of us have the root access. I can't afford to go to single-user mode often because of a deactivated root account. Please advise on the way to totally deactivate this feature for root. Thanks.
0 Kudos
Reply
steven Burgess_2
Honored Contributor

‎06-05-2003 07:10 PM

‎06-05-2003 07:10 PM

Re: Root account deactivated

Hi Ricky

If the account gets locked you simply have to log in on the console to reactivate it. No single user is required

HTH

Steve
take your time and think things through
0 Kudos
Reply
T G Manikandan
Honored Contributor

‎06-05-2003 07:10 PM

‎06-05-2003 07:10 PM

Re: Root account deactivated

If that was due to the unsuccessful login attempts

If you receive the message

"account is disabled but console login is allowed"

you can still login on the console and re-activate the root account.
0 Kudos
Reply
Ricky_2
Frequent Advisor

‎06-05-2003 07:19 PM

‎06-05-2003 07:19 PM

Re: Root account deactivated

Hi, I couldn't log on even at the console when the root account was deactivated due to too many failed login attempts. Could it be due to the version (10.20) that I'm using? Or could it be due to the fact that the failed logins were sometimes attempted at the console? I understand that I can customise the login attempts allowed to a very large value like 99, but is there no other value, eg 0, that I can use to disable this feature? Thanks.
0 Kudos
Reply
Con O'Kelly
Honored Contributor

‎06-05-2003 07:36 PM

‎06-05-2003 07:36 PM

Solution

Re: Root account deactivated

Hi Ricky

I think as Animesh pointed earlier in the thread out you can use SAM and for unsuccessful login tries, select customize & set to 0.

This should ensure you are allowed as many login attempts as you want, though from a security view point not really a good idea.

Cheers
Con
Reply
Kiran Kumar Aekabote
Frequent Advisor

‎06-05-2003 08:20 PM

‎06-05-2003 08:20 PM

Re: Root account deactivated

Hi Ricky,

You change the root a/c policy, through SAM.
Run SAM and go to users-> select the "root" a/c from actions tab select Modify users security policies.

From this select the password ageing policies and set to "disable".

select General user account policies and set the following as:
1.A/c life time :None(infinite)
2.Max. inactive days: disable(default)
3.Unsuccessful login tries allowed: customize and value to be set to 0 (zero)
4.Authorised user to boot in single user mode : Yes
You Just can't beat ME
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.