Hewlett Packard Enterprise Community
Help
cancel
Turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

user lockout

Steve Lewis
Honored Contributor
‎10-01-2008 01:09 AM
‎10-01-2008 01:09 AM

user lockout

I think my brain must be fried.

My normal user account is locked out of a server. Its in trusted mode.

I tried /usr/lbin/modprpw -k -l but when I login with ssh it still says Permission denied, please try again.

I then tried resetting my password thinking that I must have the wrong one, but it said
You may not use the same password.
Heres the getprpw output:

uid=207, bootpw=NO, audid=60, audflg=1, mintm=-1, maxpwln=-1, exptm=-1, lftm=-1, spwchg=Wed Sep 17 13:33:12 2008, upwchg=-1, acctexp=-1, llog=-1, expwarn=-1, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Fri Jun 6 02:00:04 2008, ulogint=-1, sloginy=-1, culogin=-1, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0000000

0 Kudos
7 REPLIES 7
Suraj K Sankari
Honored Contributor
‎10-01-2008 01:35 AM
‎10-01-2008 01:35 AM

Re: user lockout

Hi,

As per your output lockout=0000000 means user is not locked check your passwd and .profile, if possible try to change your passwd.

Suraj
0 Kudos
David de Beer
Valued Contributor
‎10-01-2008 01:57 AM
‎10-01-2008 01:57 AM

Re: user lockout

Probably not the best solution but using sam for these tasks makes life simpler, it usually picks up the problems (which I wasn't able to solve from the command line).
0 Kudos
SKR_1
Trusted Contributor
‎10-01-2008 02:40 AM
‎10-01-2008 02:40 AM

Re: user lockout

Try to reset the password again with below commands.

/usr/lbin/modprpw -k userid (unlock/enable)
/usr/lbin/modprpw -x userid ( reset the password )

Thanks

SKR
0 Kudos
Steve Lewis
Honored Contributor
‎10-01-2008 03:45 AM
‎10-01-2008 03:45 AM

Re: user lockout

Well I tried all your suggestions.
resetting the password lets me log in, only to have to change it again, it then kicks me out immediately to log in again with the new password. When I do that it says permission denied!

Then I tried a brute force approach of copying my file in /tcb/files/auth/l/username to this box, but that hasnt worked either.

I then tried removing the .ssh directory in my home directory. I checked the IPs to ensure I was connecting to the machine I thought I was.
I still can't log in as myself.
0 Kudos
Steve Lewis
Honored Contributor
‎10-01-2008 03:47 AM
‎10-01-2008 03:47 AM

Re: user lockout

btw I'm not using NIS or LDAP or any centralised user management system, just local files.
0 Kudos
Steve Lewis
Honored Contributor
‎10-30-2008 03:55 AM
‎10-30-2008 03:55 AM

Re: user lockout

I just solved my own problem, weeks later.

My password was 9 chars long. It didnt let me in even when I unlocked the account.
Strangely enough it did let me su -. Its just sshd which didnt like the 9 character password.
When I changed the password to something else 9 characters long it still wouldn't let me in.
When I changed it to something 8 characters long it did let me in.

The file /etc/default/security has MIN_PASSWORD_LENGTH=8
but nothing relating to maximum password length.

I think this problem must have been fixed in a patch because it only occurs on old systems.
0 Kudos
Highlighted
Steve Lewis
Honored Contributor
‎10-30-2008 03:57 AM
‎10-30-2008 03:57 AM

Re: user lockout

Solved, had to reduce password length to precisely 8 characters on these old systems.
Appears to be an sshd bug.
Patch, patch...
0 Kudos