HPE Community
Operating System - HP-UX
1838716 Members
5067 Online
110129 Solutions
New Discussion

Root password in trusted system

 
SOLVED
Go to solution
Roberto Paris
New Member

‎11-20-2003 10:48 PM

‎11-20-2003 10:48 PM

Root password in trusted system

Hi,

my system is in trusted mode.
Changing root password by 'passwd root' command I get error

"Unexpected failure. Password file unchanged."

I already tried to delete root password in /tcb/files/auth/r/root and re-tried passwd command but it didn't help.
I tried to unconvert the system, change password of root and convert system in trusted again; I succeeded to change password but I cannot login with new password.

Helps would be appreciated, thanks!
Roberto
0 Kudos
Reply
6 REPLIES 6
Steven E. Protter
Exalted Contributor

‎11-21-2003 01:32 AM

‎11-21-2003 01:32 AM

Re: Root password in trusted system

/usr/lbin/modprpw -l -k root

That will unlock the root password, if the /etc/passwd file has not been corrupted.

A console login might unlock the id.

You may need to boot into single user mode to correct this.

Last resort, edit the /tcb/files/auth/r/root file and null out the encrypted password.

This may need to be done in single user mode, but if you have a root session open, you can still do it.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Fabio Ettore
Honored Contributor

‎11-21-2003 02:14 AM

‎11-21-2003 02:14 AM

Solution

Re: Root password in trusted system

Hi Roberto,

I think that reasons of the problem are different.
Just a few things that you can try/verify:

1. pwconv command should be executed, from man pwcon:

pwconv - update secure password facility

It is enough to type from command line

# pwconv

2.
# authck -pv

from man of command:

authck - check internal consistency of Authentication database

If you found messages or problems by last two commands you should solve them.

3. You should verify /etc/nsswitch.conf, if it contains

passwd: compat
group: compat

They are in this way if your system uses NIS service; if it is not then just change the word 'compat' to 'files'.

In all the three cases above after the action, you could re-try root password change.

I hope this helps you.

Best regards,
Ettore
WISH? IMPROVEMENT!
Reply
erics_1
Honored Contributor

‎11-21-2003 03:22 AM

‎11-21-2003 03:22 AM

Re: Root password in trusted system

Roberto,

If your password has more than 8 characters, try logging in with just the first 8 characters. Trusted systems get set to a max of 8 character passwords by default when implemented. You can adjust this limit via SAM in the auditing and security section once logged in.

Hope this helps,
Eric
0 Kudos
Reply
doug hosking
Esteemed Contributor

‎11-22-2003 01:23 PM

‎11-22-2003 01:23 PM

Re: Root password in trusted system

Let me clarify Eric's comment. When you first convert a system from standard mode to trusted mode, only the first 8 characters of the EXISTING password are used. That's because in standard mode the way the password is encoded in /etc/passwd has no room to hold anything longer. You may THINK you have a longer password in standard mode, but the excess characters are actually ignored by the system. So if you set your password to foobar37, you could login with a password of foobar37, foobar375, or foobar37abcdefg. Likewise, if you set your password to foobar37abcdefg, you could login with a password of just foobar37. This is standard UNIX behavior for the old style /etc/passwd file format.

When you convert from standard to trusted, you get passwords of up to 80 chracters. But there is no way for the conversion process to recreate the characters that were previously thrown away, so only the first 8 characters are initially used. And since anything after the first 8 is now checked, not ignored, this causes some confusion until the first password change by that user after the conversion to trusted mode.

Actual behavior varies slightly from release to release as code was added to try to make this difference less confusing to users. But the bottom line is that you can't create missing characters out of thin air.

You do not need to edit anything with SAM to get trusted mode to accept the longer passwords.

0 Kudos
Reply
Roberto Paris
New Member

‎11-23-2003 07:42 PM

‎11-23-2003 07:42 PM

Re: Root password in trusted system

Hi at all and thanks for your helps!
Fantastic forum...
I solved my password problem...

It was the string 'compat' on password and group into /etc/nsswitch.conf file. I changed it to 'files' and I could modify the root password.
Now I can login with the new password.

Roberto.
0 Kudos
Reply
doug hosking
Esteemed Contributor

‎11-23-2003 09:24 PM

‎11-23-2003 09:24 PM

Re: Root password in trusted system

Ah, the missing information. Now it makes more sense. Trusted mode is not compatible with NIS.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.