Solved: Re: Root Login

John Peace · ‎04-10-2001

Root login is disabled. When I sign in at the console, I get a message to change the password. When I try to change the password I get "password lifetime has expired". So I can't change the password or re-enable it. How can I change the password without rebuilding the system? There are no other users who have root access.

Steven Sim Kok Leong · ‎04-10-2001

Hi,

After you console logged in (which is allowed even when your password has expired), the easiest way is to run SAM and use it to reactivate your root account (if necessary) and change your password.

Hope this helps. Regards.

Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com

Pete Ellis · ‎04-10-2001

If you can't login at all, you don't need to re-build you can just power off (not nice, OS should be alright but the applications might not!) and bring it up in single user mode. Interupt the startup, enter "bo pri" and say yes to interact with the ISL. Enter "hpux -is" and you will be in single user mode. It sounds like your in trusted mode, I would suggest amending the options for root!!

John Peace · ‎04-10-2001

The second I log in, before I can do anything, it asks me to change the password. I get the message:

Changing password for root
old password:

When I enter the old password, I get.

Password cannot be changed. Reason: Password lifetime has expired.
Login aborted due to no new password.

I trid breaking the login sequence, but to no avail.

Pedro Sousa · ‎04-10-2001

Hi!
Try accessing the system with another user, and then switch user to root (su).
good luck.

John Peace · ‎04-10-2001

The account is disabled. Only console login allowed.

Paula J Frazer-Campbell · ‎04-10-2001

Hi
John

Login at the console as another user and try and su to root.

Paula

If you can spell SysAdmin then you is one - anon

John Peace · ‎04-10-2001

Nothing has worked yet. I will try Pete's suggestion tomorrow morning. I have users on the system right now. I am running in trusted mode. Hopefully no one needs anything done by root today.....

Mark Vollmers · ‎04-10-2001

There was another thread where someone had to change the password because they were locked out. Not exactly the same situtation, but you might be able to use some of the methods (like hacking in through the cron job) to get in so you don't have to reboot.

http://forums.itrc.hp.com/cm/QuestionAnswer/1,1150,0x2ec753921f1ad5118fef0090279cd0f9,00.html

Mark

"We apologize for the inconvience" -God's last message to all creation, from Douglas Adams "So Long and Thanks for all the Fish"

Jim Moffitt_1 · ‎04-10-2001

It does sound like you have a trusted system. shutdown and reboot the system like Pete said. When you get into single user mode mount your file systems (mount -a), then run /usr/lbin/tsconvert -r to revert back to a non trusted system. Edit /etc/password to remove root's encrypted password. Then run password to set a new one. Finally run /usr/lbin/tsconvert to return to a trusted system. then type reboot. Note, it you do a hard shutdown and restart because you can't get into root, you may have to run fsck on each filesystem before mounting them.

Joseph Hoh · ‎04-10-2001

You can try booting from a the Support CD. I have not done this in a while but here is a helpful link.
http://us-support.external.hp.com/cki/bin/doc.pl/sid=02fc928f0607662caf/screen=ckiDisplayDocument?docId=200000047869323

You should be able to mount the root filesystem and then modify the root password. Search for the part titled "root password".

Make sure you back up the system first.

Sandip Samanta_3 · ‎04-11-2001

Hi,

Log in console & then execute
/usr/lbin/modprpw -k root.

If it does not help then go to /tcb/files/auth/r dir & root file & change lifetime.

Hope it will help.

Regds
Sandip

John Peace · ‎04-11-2001

Problem is fixed. thanks to everyone. All I had to do was boot to single user and reset password. To easy!!!!!!

Pete Ellis · ‎04-11-2001

John, Thanks for the points, I would recommend that you check roots security policies with sam. Make sure you set the account lifetime to infinite, if it is not and max period inactivity of account to disabled, if it is not. There are global settings for these and its easy for someone to tighten security for all accounts and cause problems with root.

Joseph A Benaiah_1 · ‎04-15-2001

If your system is trusted and it sounds like it is, you can try the following after you bring the server up in single user mode:

1. cd /tcb/files/auth/r
2. vi the file "root" and delete the line that has the entry u_pwd.
3. Reboot the server into mutiluser mode.
4. Login as root at the console, you will be prompted for a new password.

Some companies that I know of keep a 2nd user on the server with a UID=0. Ofcourse, if you are using sudo, then you can access SAM through and reactivate the root account. That way you do not have to worry about any downtime as a result of rebooting the server.

Cheers,

Joseph.