Operating System - HP-UX

Re: root password on the trusted system

 
Vishal Phlad_1
Occasional Contributor

root password on the trusted system

Good Day All

I have a development server and it's running HP-UX B11.11 on it and it's running as a trusted system. The problem that I'm experiencing is that whenever the root's password expires I have to take down the server to single user mode, untrust the system, delete the password entry in the /tcb/files/auth/r/root and reset the root's password. I read on ITRC that I have to install sudo and give a normal user access as root so that I can change the root's password without having to take down the server. I installed sudo and tested it but now the problem is that:
- I log in as a normal user
- sudo vi /etc/tcb/files/auth/r/root
- sudo /usr/lbin/tsconvert -r
- sudo root passwd
- then, I can log in as root with the new password
- and when I convert the system back to a trusted system
I can't log in as root, it asks for the old password.

What I would like to know is: is there a way to have a trusted system and the root password doesn't expire?
Robert-Jan Goossens
Honored Contributor

Re: root password on the trusted system

Hi Vishal,

Try,

# /usr/lbin/modprdef -m mintm=0,lftm=0,exptm=0,expwarn=0 root

Regards,
Robert-Jan
Vishal Phlad_1
Occasional Contributor

Re: root password on the trusted system

Do I have to untrust the system to run this command?
Mark Nieuwboer
Esteemed Contributor

Re: root password on the trusted system

No, you won't have to change to a non-trusted system. See the man pages of modprpw.

grtz. Mark
Rajeev  Shukla
Honored Contributor

Re: root password on the trusted system

Hi Vishal,
I can't understand one thing: you are running a trusted system, and if the root password expires, why do you have to reboot the system into single user to reset the password?
If the password gets disabled/expired, console login as root is still allowed and then you can change the password.

Cheers
Rajeev
Lawrence Mahan
Frequent Advisor

Re: root password on the trusted system

Do you have your /etc/securetty file set up? If so, what is in the file? For security you should only have a single line in the file. This line should be:

console

This way only the console port has initial root login rights. With this set-up you should be able to log in as root on the console regardless of whether the password has expired or not.
Patrick Wallek
Honored Contributor

Re: root password on the trusted system

If the root password expires, and you have full sudo access, all you need to do to reactivate root is:

# sudo /usr/lbin/modprpw -k root

Then you can login as root again.
Bill Hassell
Honored Contributor

Re: root password on the trusted system

None of those steps are necessary. If the root user password expires, you simply provide a new one. Login/passwd will ask you for the old one, and then the new one.

Perhaps you mean that the root account is locked. That's different and can easily happen if someone tries to log in too many times. You want this account locked because it may be a hacker trying to get in. In that case, you can *ALWAYS* log in through the console (not telnet) with the root account locked.

There is never a reason to use tsconvert -r


Bill Hassell, sysadmin
RAC_1
Honored Contributor

Re: root password on the trusted system

First thing: when you convert the system to trusted mode using the command line (/etc/tsconvert), all passwords will expire. So if you convert the system to trusted mode, you should do as follows.

/etc/tsconvert;/usr/lbin/modprpw -V
man modprpw for details.

But if you convert the system to trusted mode with SAM, you do not need to do all this.

Now, why is the root password expiring?
/usr/lbin/getprpw -m root
Check for exptm, lftm, expwarn and mintm. All should be set to 0; if not, set them to zero.

/usr/lbin/modprpw -m mintm=0 root and so on for all the above settings. Or you can do all this through SAM.

Anil
There is no substitute to HARDWORK
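
The check suggested in the last reply (look at exptm, lftm, expwarn and mintm and zero any that are not 0), as an added shell example that is not part of the original thread. The function names are hypothetical, and the `field=value, field=value` output shape for `getprpw -m` is an assumption; the sample line is constructed, not captured from a real system.

```shell
#!/bin/sh
# Added example: report which password-aging fields are not 0 for a user.
# Input is the text printed by:
#   /usr/lbin/getprpw -m mintm,exptm,expwarn,lftm USER
# Assumed output shape: "mintm=0, exptm=175, expwarn=7, lftm=-1"

AGING_FIELDS="mintm exptm expwarn lftm"

# nonzero_aging_fields "<getprpw output>"
# Prints a comma-separated list of aging fields whose value is not 0.
# A field missing from the output is reported too. Prints nothing if all are 0.
nonzero_aging_fields() {
    out=""
    for f in $AGING_FIELDS; do
        # Split the line on commas and spaces, then pick "field=value".
        val=$(printf '%s\n' "$1" | tr ', ' '\n\n' | sed -n "s/^$f=//p" | head -n 1)
        if [ "$val" != "0" ]; then
            out="${out:+$out,}$f"
        fi
    done
    printf '%s' "$out"
}

# fix_command USER "<getprpw output>"
# Prints the modprpw command that zeroes the flagged fields, or nothing.
fix_command() {
    bad=$(nonzero_aging_fields "$2")
    [ -n "$bad" ] || return 0
    zeroed=$(printf '%s' "$bad" | sed 's/,/=0,/g; s/$/=0/')
    printf '/usr/lbin/modprpw -m %s %s' "$zeroed" "$1"
}

# Constructed sample, not captured from a real system.
SAMPLE='mintm=0, exptm=175, expwarn=7, lftm=-1'

# Run with --demo to see the result for the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    echo "non-zero: $(nonzero_aging_fields "$SAMPLE")"
    echo "suggest:  $(fix_command root "$SAMPLE")"
fi
```

On the HP-UX host itself, the first argument would be the captured output of the `getprpw` command rather than the sample, and the printed `modprpw` command would be reviewed before being run as root.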