Operating System - HP-UX

Trusted Mode Root Lockout

 
Randy Gelineau
Occasional Advisor

Trusted Mode Root Lockout

Is there a way to force trusted mode to NOT lockout the root account?

We have not identified exactly why the root account is getting locked out but we think it is due to logs filling up.

6 REPLIES 6
RAC_1
Honored Contributor

Re: Trusted Mode Root Lockout

On a trusted system, three unsuccessful login attempts will lock the account. This is controlled by umaxlntr.

/usr/lbin/getprdef -m umaxlntr
/usr/lbin/modprdef -m umaxlntr=5

Now 5 unsuccessful login attempts will lock the account.

Anil
There is no substitute to HARDWORK
Bharat Katkar
Honored Contributor

Re: Trusted Mode Root Lockout

Hi,
Have a look at the doc attached.
Hope that helps.
Regards,
You need to know a lot to actually know how little you know
Randy Gelineau
Occasional Advisor

Re: Trusted Mode Root Lockout

root will not be able to get into the machine to run any commands if its account is locked.

I would rather not boot into single user mode to unlock it. This is the situation we are trying to avoid.
Darren Prior
Honored Contributor

Re: Trusted Mode Root Lockout

Hi Randy,

You can change the values for root either as RAC suggested, or via SAM. It's also worth looking at the output of /usr/lbin/getprpw root regularly to see attempted login times and ttys to give you a clue as to what's going on.

Which logs do you suspect are filling up? If your system is configured such that / can fill up with logs then it's possible that this is the cause. However, in this instance I believe that root is only locked out because there's no way of writing logs when you attempt to login, rather than being locked out within the /tcb area.

regards,

Darren.
Calm down. It's only ones and zeros...
RAC_1
Honored Contributor

Re: Trusted Mode Root Lockout

You can log in through the console.

Anil
There is no substitute to HARDWORK
Sridhar Bhaskarla
Honored Contributor

Re: Trusted Mode Root Lockout

Hi,

If the root account is locked, it will allow you to log in from the console and you can enable the account by running "modprpw -k root".

If you do not want your root account locked, then turn off (make it 99) the maximum number of unsuccessful attempts as previously mentioned. If you are planning to do so, then make sure you have an /etc/securetty file so that no one will be able to log in from other than the console. Have a mechanism to notify you after a certain number (say 10) of successive unsuccessful attempts so you can keep an eye on malicious attempts.

To find out why the root account is getting locked, look at your 'lastb' and the 'unsuccessful su - root' entries in /var/adm/sulog.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
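
Added example, not part of the original thread: a POSIX sh sketch of the "notify after a certain number of successive unsuccessful attempts" check from the last reply, applied to failed su-to-root entries in sulog format. It assumes the usual sulog line layout (`SU MM/DD HH:MM +|- tty from-to`); the function names and the sample lines are made up for illustration, and lastb output is not parsed here.

```shell
#!/bin/sh
# Assumed sulog layout: SU MM/DD HH:MM <+|-> <tty> <from>-<to>
# ("+" = successful su, "-" = failed su). All names below are hypothetical.

# Constructed sample data standing in for /var/adm/sulog.
sample_sulog() {
cat <<'EOF'
SU 03/01 09:12 + ttyp1 alice-root
SU 03/01 22:40 - ttyp3 bob-root
SU 03/01 22:41 - ttyp3 bob-root
SU 03/01 22:41 - ttyp3 bob-root
SU 03/02 08:05 - ttyp2 alice-oracle
SU 03/02 08:07 + ttyp1 alice-root
SU 03/02 23:15 - ttyp4 carol-root
EOF
}

# Print "<current_streak> <longest_streak>" of successive failed su-to-root
# attempts; a successful su to root resets the current streak.
root_su_streaks() {
    awk '
        $1 == "SU" && $NF ~ /-root$/ {
            if ($4 == "-") { cur++; if (cur > max) max = cur
            } else if ($4 == "+") { cur = 0 }
        }
        END { printf "%d %d\n", cur, max }
    '
}

# Print "<count> <from_user> <tty>" for failed su-to-root attempts, busiest first.
failed_root_su_sources() {
    awk '
        $1 == "SU" && $4 == "-" && $NF ~ /-root$/ {
            from = $NF; sub(/-root$/, "", from)
            count[from " " $5]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Exit status 0 when the longest failure streak reaches the threshold in $1,
# so a cron job can send a notification on success of this check.
root_su_alert() {
    streaks=$(root_su_streaks)
    [ "${streaks#* }" -ge "$1" ]
}

# Demo on the constructed sample; on a real host read /var/adm/sulog instead.
sample_sulog | failed_root_su_sources
```

With the threshold of 10 suggested in the post, the check would be `root_su_alert 10 < /var/adm/sulog`, run periodically with a notification sent when it exits 0.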