HPE Community
Operating System - HP-UX
1847054 Members
5009 Online
110261 Solutions
New Discussion

Re: Trusted Mode

 
SOLVED
Go to solution
Jonathan Grymes
Frequent Advisor

‎04-03-2008 01:24 PM

‎04-03-2008 01:24 PM

Trusted Mode

I have an hp rx2620, HP-UX 11i V2. I put the server in Trusted Mode today and now all accounts are locked, including root. I get permission denied trying to log in via ssh and telnet. Any ideas?
0 Kudos
Reply
3 REPLIES 3
Tim Nelson
Honored Contributor

‎04-03-2008 01:44 PM

‎04-03-2008 01:44 PM

Solution

Re: Trusted Mode

root is always allowed via the console whether disabled or not. ( this is ASSUMING the message during login failure states that the account is "disabled")

If somehow all users ended up with an "*" in their password field just prior to the conversion then the only way to get in is to crash the server and boot to single user so you can set the root password. Try the console first.

Once you get on you can run the usernames through a loop to unlock.

cat user.list|while read list
do
modprpw -k $list
done


getprpw username to list the status' of the user.


Reply
Andres_13
Respected Contributor

‎04-03-2008 01:45 PM

‎04-03-2008 01:45 PM

Re: Trusted Mode

When system is on trusted mode you must define a how many times the users are allowed to try log on the system and once you reach it the only way to unlock accounts is via sam with the user root.

If root is locked then you must login from the console and this will unlock the root account.

Regards!
Reply
Bill Hassell
Honored Contributor

‎04-03-2008 02:11 PM

‎04-03-2008 02:11 PM

Re: Trusted Mode

This is normal if you use the un-recommended method to convert: tsconvert. The recommended method is to use SAM which will run tsconvert and also modprpw -V which resets the access times of all the user accounts. Just connect to the console (required) and login. Then run modprpw -V. If root's PATH is incorrect, you'll have to use the fullpath:

/usr/lbin/modprpw -V


Bill Hassell, sysadmin
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.