
root account locked even on console

 
Thomas Prause
Occasional Advisor

root account locked even on console

Hi all,

the password for my root has expired. Usually this can be fixed by logging in at the console. But this time I cannot log in. If I enter an empty password the system says something like "Account locked, but console login still allowed". If I enter the right password for root I get the standard error message for wrong user and/or password. Are there any other ways to get root reactivated?

BTW this all is on 11i with Support Plus Bundle from December 2004.

Thanks for any pointer.
Thomas Prause
Florian Heigl (new acc)
Honored Contributor

Re: root account locked even on console

I am afraid you have to do the journey to single user mode if there is no active root session left.

On reboot, you'll have to answer 'y' on the 'interact with isl' message and at the next prompt issue 'hpux -is', which will take you to single user mode. A simple passwd root should fix it. I think there also is a command to un-expire the account only, but I unfortunately don't know it.
yesterday I stood at the edge. Today I'm one step ahead.
Jeff Schussele
Honored Contributor

Re: root account locked even on console

Hi Thomas,

Double check that root PW - specifically make sure capslock is OFF. It's been my experience that when it states that, you can still get in on the console.
The other thing that might be in play is if you're using either "#" or "@" in that PW - then the system is interpreting them as tty control chars. They should never be used in a PW & you may have gotten away with it on all other term types but you can't on the console. If this is the case then you'll have no choice but to go single user to change it.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
James George_1
Trusted Contributor

Re: root account locked even on console

As Florian has explained, you will have to boot to single user mode to get it reactivated.

You can choose "NOT TO EXPIRE THE root a/c" through SAM.

SAM >> Accounts for Users and Groups > users >> select root > Action > Modify Security policies > Passwd Aging Policies > Disable Passwd Aging. So, your root passwd will not expire.

Good Luck
James
forum is for techies .....heaven is for those who are born again !!
Robert Salter
Respected Contributor

Re: root account locked even on console

If there is a "#" or "@" in the password as Jeff suggested, you might try using "\" in front of them when typing in the password, i.e.
password is #sand
type \#sand

As the other folks said, if this isn't the case it's off to single-user land.
Time to smoke and joke
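The erase/kill behaviour Jeff and Robert describe, as an added example that is not part of any post in this thread: a simplified model of canonical-mode line editing showing what string the login prompt actually receives. It assumes "#" is the erase character and "@" the kill character, as stated above; the function names and sample passwords are constructed for illustration.

```python
def canonical_input(typed, erase="#", kill="@"):
    """Return the line a tty in canonical mode hands to login.

    Simplified model: the erase character deletes the previous character,
    the kill character discards the whole line typed so far, and a
    backslash directly before either one makes it literal.
    """
    line = []
    i = 0
    while i < len(typed):
        ch = typed[i]
        nxt = typed[i + 1] if i + 1 < len(typed) else ""
        if ch == "\\" and nxt in (erase, kill):
            line.append(nxt)      # escaped control character is kept
            i += 2
            continue
        if ch == erase:
            if line:
                line.pop()        # drop the previous character
        elif ch == kill:
            line.clear()          # drop everything typed so far
        else:
            line.append(ch)
        i += 1
    return "".join(line)


def survives_console(password, erase="#", kill="@"):
    """True if typing the password unescaped delivers it unchanged."""
    return canonical_input(password, erase, kill) == password


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    for typed in ["#sand", "\\#sand", "pa@ss", "ab#c", "Secret42"]:
        print(f"typed {typed!r:12} -> received {canonical_input(typed)!r}")
```

A password made only of letters and digits, like the one Thomas describes later in the thread, passes through this model unchanged.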
Manuel Contreras
Regular Advisor

Re: root account locked even on console

If you can NOT bounce box and have OMNIback/Dataprotector in your env. you could try the following:

Copy the existing /etc/passwd and modify root's encrypted password value to match yours or remove the values that refer to expiration. This modified file would be backed up and restored on top of the system's /etc/passwd file.

(I do not have a trusted env, but I would imagine you trusted guys may know which files to tweak).

Hope this helps,
manuel
Mic V.
Esteemed Contributor

Re: root account locked even on console

And of course, if you have a user with appropriate SAM privs, you can fix it. Same for sudo.

Mic
What kind of a name is 'Wolverine'?
Thomas Prause
Occasional Advisor

Re: root account locked even on console

Thanks for all your help. Finally I had to reboot :-(

Some more details about this strange thing:
Entering the right password at the CDE login told me "Account locked in the security database", while a wrong password gave "Logon failed". So I can be quite sure to have the right pwd and I've tried several times. Password contains only upper and lower case letters and numbers. Nothing fancy.
In the Single User mode I could simply do 'passwd root', provide the old pwd and set a new one, so the console seems not to "translate" some characters incorrectly.
Local security rules do not allow non expiring passwords even for root.

Thank you.
Thomas Prause
Manuel Contreras
Regular Advisor

Re: root account locked even on console

In today's env. where you have an infrastructure of systems/applications that are almost seamless, passwds that do not expire are welcomed.

I would hope you might be able to implement a schedule where passwds are changed, rather than having the system expire them...especially root.
my .02,
manuel
Marvin Strong
Honored Contributor

Re: root account locked even on console

If you must expire root, set up sudo for the admins so you have a way to become root when the account expires, so you can reset it without needing to reboot.

Personally I think it's very easy to justify a non-expiring root passwd. But that's a battle you have to choose for yourself or not.
baiju_3
Esteemed Contributor

Re: root account locked even on console

Hi

By any chance do you have remsh access to this server?

In that case run remsh server -n "/usr/lbin/modprpw -k root"

or overwrite the tcb file by rcp.

If nothing works,
then reboot in single user mode.

BL.
Good things Just Got better (Plz,not stolen from advertisement -:) )