HPE Community
Operating System - HP-UX
1832651 Members
2730 Online
110043 Solutions
New Discussion

Root Login

 
SOLVED
Go to solution
John Peace
Frequent Advisor

‎04-10-2001 03:13 AM

‎04-10-2001 03:13 AM

Root Login

Root login is disabled. When I sign in at the console, I get a message to change the password. When I try to change the password I get "password lifetime has expired". So I can't change the password or re-enable it. How can I change the password without rebuilding the system? There are no other users who have root access.
0 Kudos
Reply
14 REPLIES 14
Steven Sim Kok Leong
Honored Contributor

‎04-10-2001 03:19 AM

‎04-10-2001 03:19 AM

Re: Root Login

Hi,

After you console logged in (which is allowed even when your password has expired), the easiest way is to run SAM and use it to reactivate your root account (if necessary) and change your password.

Hope this helps. Regards.

Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com
0 Kudos
Reply
Pete Ellis
Trusted Contributor

‎04-10-2001 03:46 AM

‎04-10-2001 03:46 AM

Solution

Re: Root Login

If you can't login at all, you don't need to re-build you can just power off (not nice, OS should be alright but the applications might not!) and bring it up in single user mode. Interupt the startup, enter "bo pri" and say yes to interact with the ISL. Enter "hpux -is" and you will be in single user mode. It sounds like your in trusted mode, I would suggest amending the options for root!!
Reply
John Peace
Frequent Advisor

‎04-10-2001 03:52 AM

‎04-10-2001 03:52 AM

Re: Root Login

The second I log in, before I can do anything, it asks me to change the password. I get the message:

Changing password for root
old password:

When I enter the old password, I get.

Password cannot be changed. Reason: Password lifetime has expired.
Login aborted due to no new password.

I trid breaking the login sequence, but to no avail.

0 Kudos
Reply
Pedro Sousa
Honored Contributor

‎04-10-2001 03:58 AM

‎04-10-2001 03:58 AM

Re: Root Login

Hi!
Try accessing the system with another user, and then switch user to root (su).
good luck.
0 Kudos
Reply
John Peace
Frequent Advisor

‎04-10-2001 04:00 AM

‎04-10-2001 04:00 AM

Re: Root Login

The account is disabled. Only console login allowed.
0 Kudos
Reply
Paula J Frazer-Campbell
Honored Contributor

‎04-10-2001 04:16 AM

‎04-10-2001 04:16 AM

Re: Root Login

Hi
John

Login at the console as another user and try and su to root.

Paula
If you can spell SysAdmin then you is one - anon
0 Kudos
Reply
John Peace
Frequent Advisor

‎04-10-2001 07:31 AM

‎04-10-2001 07:31 AM

Re: Root Login

Nothing has worked yet. I will try Pete's suggestion tomorrow morning. I have users on the system right now. I am running in trusted mode. Hopefully no one needs anything done by root today.....
0 Kudos
Reply
Mark Vollmers
Esteemed Contributor

‎04-10-2001 08:49 AM

‎04-10-2001 08:49 AM

Re: Root Login

There was another thread where someone had to change the password because they were locked out. Not exactly the same situtation, but you might be able to use some of the methods (like hacking in through the cron job) to get in so you don't have to reboot.

http://forums.itrc.hp.com/cm/QuestionAnswer/1,1150,0x2ec753921f1ad5118fef0090279cd0f9,00.html

Mark
"We apologize for the inconvience" -God's last message to all creation, from Douglas Adams "So Long and Thanks for all the Fish"
0 Kudos
Reply
Jim Moffitt_1
Valued Contributor

‎04-10-2001 09:31 AM

‎04-10-2001 09:31 AM

Re: Root Login

It does sound like you have a trusted system. shutdown and reboot the system like Pete said. When you get into single user mode mount your file systems (mount -a), then run /usr/lbin/tsconvert -r to revert back to a non trusted system. Edit /etc/password to remove root's encrypted password. Then run password to set a new one. Finally run /usr/lbin/tsconvert to return to a trusted system. then type reboot. Note, it you do a hard shutdown and restart because you can't get into root, you may have to run fsck on each filesystem before mounting them.
Reply
Joseph Hoh
Frequent Advisor

‎04-10-2001 09:50 AM

‎04-10-2001 09:50 AM

Re: Root Login

You can try booting from a the Support CD. I have not done this in a while but here is a helpful link.
http://us-support.external.hp.com/cki/bin/doc.pl/sid=02fc928f0607662caf/screen=ckiDisplayDocument?docId=200000047869323

You should be able to mount the root filesystem and then modify the root password. Search for the part titled "root password".

Make sure you back up the system first.
0 Kudos
Reply
Sandip Samanta_3
Occasional Advisor

‎04-11-2001 02:28 AM

‎04-11-2001 02:28 AM

Re: Root Login

Hi,

Log in console & then execute
/usr/lbin/modprpw -k root.

If it does not help then go to /tcb/files/auth/r dir & root file & change lifetime.

Hope it will help.

Regds
Sandip
0 Kudos
Reply
John Peace
Frequent Advisor

‎04-11-2001 03:19 AM

‎04-11-2001 03:19 AM

Re: Root Login

Problem is fixed. thanks to everyone. All I had to do was boot to single user and reset password. To easy!!!!!!
0 Kudos
Reply
Pete Ellis
Trusted Contributor

‎04-11-2001 06:20 AM

‎04-11-2001 06:20 AM

Re: Root Login

John, Thanks for the points, I would recommend that you check roots security policies with sam. Make sure you set the account lifetime to infinite, if it is not and max period inactivity of account to disabled, if it is not. There are global settings for these and its easy for someone to tighten security for all accounts and cause problems with root.
0 Kudos
Reply
Joseph A Benaiah_1
Regular Advisor

‎04-15-2001 05:04 PM

‎04-15-2001 05:04 PM

Re: Root Login

If your system is trusted and it sounds like it is, you can try the following after you bring the server up in single user mode:

1. cd /tcb/files/auth/r
2. vi the file "root" and delete the line that has the entry u_pwd.
3. Reboot the server into mutiluser mode.
4. Login as root at the console, you will be prompted for a new password.

Some companies that I know of keep a 2nd user on the server with a UID=0. Ofcourse, if you are using sudo, then you can access SAM through and reactivate the root account. That way you do not have to worry about any downtime as a result of rebooting the server.

Cheers,

Joseph.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.