Solved: Re: user can not able to change passwd

Cem Tugrul · ‎08-25-2005

it is very strange situation;
i have a trusted system and passwd aging(enable) sometimes the problem is a user
can not able to change owm passwd;He logons to
system with valid passwd and then try;
$ passwd
Changing password for ut0hg
Old password:
Sorry.

i have more than 500 users.this problem is not
only for the user ut0hg i mean the problem same
but users changes.

Let me continue to give more details;

baan01:/usr/lbin#./getprpw ut0hg
uid=463, bootpw=NO, audid=195, audflg=1, mintm=-1, maxpwln=-1, exptm=30, lftm=60, spwchg=Fri Jul 29 15:00:35 2005, upwchg=Fri Aug 26 10:33:50 2005, acctexp=-1, llog=-1, expwarn=15, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Fri Aug 26 10:33:14 2005, ulogint=Wed Aug 17 17:32:28 2005, sloginy=pts/tc, culogin=-1, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0000000

another user;
baan01:/usr/lbin#./getprpw ut3ey
uid=595, bootpw=NO, audid=255, audflg=1, mintm=-1, maxpwln=-1, exptm=30, lftm=60, spwchg=Fri Aug 26 08:29:19 2005, upwchg=Thu Aug 25 16:03:31 2005, acctexp=-1, llog=-1, expwarn=15, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Fri Aug 26 09:40:59 2005, ulogint=Wed Aug 24 13:40:59 2005, sloginy=-1, culogin=-1, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0000000

My pwd againg properties;

baan01:/tcb/files/auth/system#more default
default:\
:d_name=default:\
:d_boot_authenticate@:\
:u_pwd=*:\
:u_owner=root:u_auditflag#-1:\
:u_minchg#0:u_maxlen#10:u_exp#2592000:u_life#5184000:\
:u_pw_expire_warning#1296000:u_pswduser=root:u_pickpw:u_genpwd@:\
:u_restrict:u_nullpw@:u_genchars@:u_genletters@:\
:u_suclog#0:u_unsuclog#0:u_maxtries#3:u_lock:\
:\
:t_logdelay#2:t_maxtries#10:t_login_timeout#0:\
:chkent:

so this means;

Time beetween passwd changes:0
passwd expt times :30
passwd expt warning time :15
passwd life time :60

Another issue;
baan01:/tcb/files/auth/system#pwck -l

smbnull:*:101:101:DO NOT USE OR DELETE - needed by Samba:/home/smbnull:/sbin/sh
Login directory not found

webadmin:*:40:1::/usr/obam/server/nologindir:/usr/bin/false
Login directory not found

tools:*:129:125:,,,:/home/tools:/usr/bin/ksh
Login directory not found
Checking password length in protected database password files...
bsp has a password > 8 characters
ut4ha has a password > 8 characters
ut0zs has a password > 8 characters
ut0ry has a password > 8 characters
ut0fk has a password > 8 characters
ut0kc has a password > 8 characters
ut0ig has a password > 8 characters
ut1ca has a password > 8 characters
ut1kd has a password > 8 characters
ut5ek has a password > 8 characters
ut0dc has a password > 8 characters
ut0hs has a password > 8 characters
ut2nc has a password > 8 characters
ut2ka has a password > 8 characters
ut1gb has a password > 8 characters
ut7at has a password > 8 characters
ut3ok has a password > 8 characters
ut1fd has a password > 8 characters
ut0ao has a password > 8 characters
bf004 has a password > 8 characters
bf005 has a password > 8 characters
bm003 has a password > 8 characters
bm004 has a password > 8 characters
a1707 has a password > 8 characters
b0326 has a password > 8 characters

Another issue (maybe help);

login: ut0hg
Password:
Last successful login for ut0hg: Fri Aug 26 10:33:14 EET-2EETDST 2005 on pts/tc
Last unsuccessful login for ut0hg: Wed Aug 17 17:32:28 EET-2EETDST 2005
Your password will expire on Sun Aug 28 15:00:35 EET-2EETDST 2005

Any precious help would be appreciated&pointed

Grts from Turkey,

Our greatest duty in this life is to help others. And please, if you can't

Victor BERRIDGE · ‎08-25-2005

Hi Cem,
Are you sure your user is not trying after typing passwd to give the new passwd when thy system is asking him the old?

All the best
Victor

Cem Tugrul · ‎08-25-2005

Hi Victor,

HP-UX baan01 B.11.11 U 9000/800 (td)

login: ut0hg
Password:
Last successful login for ut0hg: Fri Aug 26 11:12:03 EET-2EETDST 2005 on pts/td
Last unsuccessful login for ut0hg: Fri Aug 26 11:11:55 EET-2EETDST 2005 on pts/td
Your password will expire on Sun Aug 28 15:00:35 EET-2EETDST 2005

Please wait...checking for disk quotas
(c)Copyright 1983-2000 Hewlett-Packard Co., All Rights Reserved.
(c)Copyright 1979, 1980, 1983, 1985-1993 The Regents of the Univ. of California
(c)Copyright 1980, 1984, 1986 Novell, Inc.
(c)Copyright 1986-1992 Sun Microsystems, Inc.
(c)Copyright 1985, 1986, 1988 Massachusetts Institute of Technology
(c)Copyright 1989-1993 The Open Software Foundation, Inc.
(c)Copyright 1986 Digital Equipment Corp.
(c)Copyright 1990 Motorola, Inc.
(c)Copyright 1990, 1991, 1992 Cornell University
(c)Copyright 1989-1991 The University of Maryland
(c)Copyright 1988 Carnegie Mellon University
(c)Copyright 1991-2000 Mentat Inc.
(c)Copyright 1996 Morning Star Technologies, Inc.
(c)Copyright 1996 Progressive Systems, Inc.
(c)Copyright 1991-2000 Isogon Corporation, All Rights Reserved.

RESTRICTED RIGHTS LEGEND
Use, duplication, or disclosure by the U.S. Government is subject to
restrictions as set forth in sub-paragraph (c)(1)(ii) of the Rights in
Technical Data and Computer Software clause in DFARS 252.227-7013.

Hewlett-Packard Company
3000 Hanover Street
Palo Alto, CA 94304 U.S.A.

Rights for non-DOD U.S. Government Departments and Agencies are as set
forth in FAR 52.227-19(c)(1,2).

M A N Turkiye A.S.
+------------------------------------+
: B a a N 0 1 :
: HP SuperDOME Production System :
: HP UX 11.11 :
: RP2450 9000/800/SD16000 :
+------------------------------------+

$ passwd
Changing password for ut0hg
Old password:
Sorry.

As you seen i have just logon the system
and i know his passwd so if he changed
i could not logon,too...

Also his hands still up over the keyboard
:-)))

Our greatest duty in this life is to help others. And please, if you can't

yut · ‎08-30-2005

try to changes user password by root user then try again to change his own password.

-yut-

Zigor Buruaga · ‎08-30-2005

Hi Cem,

Is it possible that any of your users is running a different "passwd" command, and not the standard one, maybe a wrapped one in other path?

Regards,
Zigor

Mel Burslan · ‎08-30-2005

Cem,

can you say that these failed password change attempts happen when the users' password already expired ? Or is the same thing happening to the users' whose passwords are still active ? If it is the first case, try unlocking the user before he/she ateempts to change the password and see if that approach works.

________________________________
UNIX because I majored in cryptology...

Tvs · ‎08-30-2005

hi,

can u pls checkup what is the output of

ls -l /usr/bin/passwd

it should be,
$ ls -l passwd
-r-sr-xr-x 5 root bin 53248 May 17 2003 asswd
like this.

Cem Tugrul · ‎08-30-2005

baan01:/#ls -l /usr/bin/passwd
-r-sr-xr-x 5 root bin 45056 Nov 14 2000 /usr/bin/passwd

Our greatest duty in this life is to help others. And please, if you can't

Cem Tugrul · ‎08-30-2005

login: ut0hg
Password:
Last successful login for ut0hg: Fri Aug 26 16:28:30 EET-2EETDST 2005 on pts/tc
Last unsuccessful login for ut0hg: Wed Aug 31 13:57:08 EET-2EETDST 2005 on pts/td
Your password has expired.
Choose a new password.
Changing password for ut0hg
Old password:
Sorry.
Login aborted due to no password.

Wait for login exit: ..

As you seen,passwd for the account expired
when i logon the system with old passwd so
when i try to change and same behaviour...

so i can able to change passwd of this user
via root and then user can change but i try
to find out the problem Why my system behaves
like this?

Any suggestions...

Our greatest duty in this life is to help others. And please, if you can't

john korterman · ‎08-30-2005

Hi Cem,

just a thought....
as root can change a user's password and some users cannot, it indicates that the system does not particularly like the characters presented by some users.

Check, for instance, if the users that have no problems are also users that do not use any special characters for pw.

Far out: a special character is defined for deletion for the terminal...

regards,
John K.

it would be nice if you always got a second chance

Cem Tugrul · ‎08-30-2005

login: ut0hg
Password:
Last successful login for ut0hg: Fri Aug 26 16:28:30 EET-2EETDST 2005 on pts/tc
Last unsuccessful login for ut0hg: Wed Aug 31 14:03:28 EET-2EETDST 2005 on pts/td
Your password has expired.
Choose a new password.
Changing password for ut0hg
Old password:
Sorry.
Login aborted due to no password.

Wait for login exit: ..

Our greatest duty in this life is to help others. And please, if you can't

Cem Tugrul · ‎08-30-2005

John,

the passwd of this user is kanarya01
so i can logon the system and then when i want to change (as seen below);so this means
the passwd kanarya01 system accept and logon
and want to change and write kanarya01 as old
passwd this message occures so if something
wrong with the passwd (kanarya01) so system
can not loggon if accepts with this passwd so
why can not accept as old pwd?????????????

login: ut0hg
Password:
Last successful login for ut0hg: Fri Aug 26 16:28:30 EET-2EETDST 2005 on pts/tc
Last unsuccessful login for ut0hg: Wed Aug 31 14:03:28 EET-2EETDST 2005 on pts/td
Your password has expired.
Choose a new password.
Changing password for ut0hg
Old password:
Sorry.
Login aborted due to no password.

Wait for login exit: ..

Our greatest duty in this life is to help others. And please, if you can't

Cem Tugrul · ‎08-30-2005

the user ut3hg account status;
baan01:/usr/lbin#./getprpw ut0hg
uid=463, bootpw=NO, audid=195, audflg=1, mintm=-1, maxpwln=-1, exptm=30, lftm=60, spwchg=Fri Jul 29 15:00:35 2005, upwchg=Wed Aug 31 14:04:46 2005, acctexp=-1, llog=-1, expwarn=15, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Fri Aug 26 16:28:30 2005, ulogint=Wed Aug 31 14:04:46 2005, sloginy=pts/tc, culogin=1, uloginy=pts/td, umaxlntr=-1, alock=NO, lockout=0000000

Our greatest duty in this life is to help others. And please, if you can't

Raj D. · ‎08-30-2005

Hi Cem ,

1. Have you tried reseting the password through root , what happens,

# passwd ut0hg

2. Else you can replace the

:u_pwd=

entry in the /tcb/files/auth/u/ut0hg , to a new known password string.

And hope that will work.

Cheers ,
Raj.

" If u think u can , If u think u cannot , - You are always Right . "

john korterman · ‎08-30-2005

Hi again,

ok, it was just a thought.

Do you see the same behaviour if you - as root - change the user's pw to 8 or fewer chars?

regards,
John K.

it would be nice if you always got a second chance

Cem Tugrul · ‎08-30-2005

Raj,
of course i can able to reset the paswd of
my user ut0hg but i do not want to do this
because i am still trying to find out
what is wrong on my system?

How do you explain this situation?
is there any lock mechanism?
the system accepts the user ut0hg with passwd
kanarya01 and then refuses the changing passwd ?????????? seems old passwd is not
kanarya01
!!!!!!???????

Our greatest duty in this life is to help others. And please, if you can't

john korterman · ‎08-31-2005

Hi again,

the situation can be caused by the user's pw being longer than 8 characters before the system was converted to trusted.

If that is the case, you have to reset the user's pw to max. 8 chars - as root.

regards,
John K.

it would be nice if you always got a second chance

Raj D. · ‎08-31-2005

Hi Cem ,

It seems like the password of user : ut0hg , was set something , likely to be less than 6 ch or so , before it was a trusted system. And after it is become trusted system , its not allowing to change the pw from the same user , as it needs to maintain password rules.

So if this is the case , needs to change from root , and once change done , you can try by logging from the user login to change the passwd further. It seems the user never changed the pw so far.

Hope this will help ,
Cheers,

Raj.

" If u think u can , If u think u cannot , - You are always Right . "

Cem Tugrul · ‎08-31-2005

Hmmmmmm,yes we did (convert untrus-->trusted)
mechanism to install shh 2 months ago
so the behaviour refers it)
i reset passwd for my user ut0hg and
hoping from now on no such a kind of behaviour :-))
Thank's so much...

Our greatest duty in this life is to help others. And please, if you can't

Cem Tugrul · ‎08-31-2005

Solution from John & Raj...
Thank's guys

Our greatest duty in this life is to help others. And please, if you can't