Operating System - Tru64 Unix

Re: failed to write protected password entry

 
SOLVED
Ronny_7
Regular Advisor

failed to write protected password entry

Hi,

My customer has a GS60 running on Tru64 Unix V5.1 with C2.

He gets this message when he tries to change the password for one of his user accounts:

Password not changed: failed to write protected password entry.

The owner and group of passwd is bin:bin, could this be the cause?
-rw-r--r-- 1 bin bin 2268 Jul 8 11:18 passwd

He can change the password of this account with no problem when he uses the account manager.

Any advice?

Regards,
Ronny
Lee Joon Moon
Occasional Advisor

Re: failed to write protected password entry

Hello Everyone.

In my experience, a normal user can change his/her password by himself.
For example:

Tru64@redmoon> password
(current)UNIX password:


But if the user types it like this, (s)he could get a failure.

Tru64@redmoon> password redmoon
passwd: Only root(or root group's users) can specify a username.

Have a nice day.




Ralf Puchner
Honored Contributor

Re: failed to write protected password entry

Are you using NIS/YP with C2?
Help() { FirstReadManual(urgently); Go_to_it;; }
Ronny_7
Regular Advisor

Re: failed to write protected password entry

Hi Ralf,

The system is not configured with NIS.

One strange finding: the entries for root and this affected account in /etc/passwd are showing the encrypted passwords, which I thought, for C2 security, should be replaced by asterisks.

I have run authck -vp but no errors were reported.

Regards,
Ronny
Ralf Puchner
Honored Contributor
Solution

Re: failed to write protected password entry

Hello Ronny,

First, try to check for the correct permissions:

# ls -al /usr/bin/passwd
-rws--x--x 3 root bin 33024
# touch /var/adm/sialog
# cat /var/adm/sialog

Please also check the content of /etc/svc.conf and remove the /etc/passwd.dir and /etc/passwd.pag files.

A simple method to autocorrect problems with C2 is to change the security from "enhanced" to "base" and back. Use secsetup or sms station, and be sure you have made a valid backup of the root partition.


Help() { FirstReadManual(urgently); Go_to_it;; }
Dave Bechtold
Respected Contributor

Re: failed to write protected password entry

Hi Ronny,

I'd first reset the /etc/passwd file back to owner=root, group=system, as it's expected to be set.

Then I'd check the protected password database file(s) as appropriate.

/tcb/files/auth.db (UID's 0-99)
/var/tcb/files/auth.db (UID's 100+)

Make sure permissions and owner/group are set properly.

If the password fields in /etc/passwd are encrypted and not *, I'd wonder if the account was ever usable under C2. If yes, what would have tampered with the password?

Then I'd check the following:

- Check for inconsistencies in password files

# /usr/sbin/pwck -sm
> See if any errors and correct

- Make sure prpasswdd daemon is running, maybe try restarting it.

# /sbin/init.d/prpasswd restart

- Run fverify on OSFC2SEC subset inventory file to make sure all the C2 utilities are properly installed.

# cd /
# /usr/lbin/fverify < /usr/.smdb./OSFC2SEC510.inv

The error you've reported is most common when using C2 with yp and related to rpc.yppasswdd problems.

Hope this helps.

Regards,
Dave Bechtold
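
The first checks discussed in the replies above (ownership of /etc/passwd and whether password fields still hold a hash instead of `*`) can be run offline against a copy of the file. This is an added example, not part of any post in the thread; the function names and the sample passwd data are constructed, and the expected values (root:system, `*`) are the ones stated in the replies.

```shell
#!/bin/sh
# Added example, not from the thread's authors. Expected values (owner root,
# group system, "*" in the password field under C2) are as stated in the
# replies above. All sample data below is constructed.

# Report passwd entries that are malformed or still carry a hash in field 2.
# Reads the files given as arguments, or stdin when there are none.
audit_passwd_fields() {
    awk -F: '
        /^[ \t]*$/ || /^#/ { next }    # skip blank and comment lines
        NF != 7   { printf "%s: expected 7 fields, found %d\n", $1, NF; next }
        $2 != "*" { printf "%s: password field is not *\n", $1 }
    ' "$@"
}

# Compare the owner and group columns of one `ls -l` line with the expected
# pair. Returns 0 on match, 1 on mismatch, 2 if the line is too short to parse.
check_ls_owner() {
    printf '%s\n' "$1" | awk -v o="$2" -v g="$3" '
        NF < 4 { print "unparsable ls line"; exit 2 }
        $3 != o || $4 != g {
            printf "owner %s:%s, expected %s:%s\n", $3, $4, o, g; exit 1
        }
    '
}

# Constructed passwd sample; the hash-like strings are placeholders.
make_sample_passwd() {
    cat <<'EOF'
root:PLACEHOLDERHASH0:0:1:system PRIVILEGED account:/:/bin/ksh
daemon:*:1:10:Mr Background:/:
appuser:PLACEHOLDERHASH1:205:15:Constructed user:/usr/users/appuser:/bin/ksh
ronny:*:206:15:Constructed user:/usr/users/ronny:/bin/ksh
broken:*:207:15
EOF
}

make_sample_passwd | audit_passwd_fields
# The ls line is the one quoted in the original question.
check_ls_owner "-rw-r--r-- 1 bin bin 2268 Jul 8 11:18 passwd" root system || true
```

On a live system, pass the real file to `audit_passwd_fields` and the output of `ls -l /etc/passwd` to `check_ls_owner`.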
Ronny_7
Regular Advisor

Re: failed to write protected password entry

Hi Ralf and Dave,

Thank you very much for your advice and recommendations.

I will try them out.

Regards,
Ronny
Ronny_7
Regular Advisor

Re: failed to write protected password entry

As per above replies.
Bill Sadvary
Frequent Advisor

Re: failed to write protected password entry

Ronnie,

Do you recall what the fix was?

Every once in a while we have a person run into this same problem but 99.9% of the time it works fine for thousands of users. We're running C2 but no NIS or YP.

I couldn't find any problems when trying the checks in the previous postings.

-Bill
Ronny_7
Regular Advisor

Re: failed to write protected password entry

Hi Bill,

As I posted this query a few years back, I am not able to remember what the fix eventually was.
Sorry.

Regards,
Ronny