Root account is locked in trusted mode while cim_server is started (252 Views)
Reply
Occasional Visitor
Echo_Fany
Posts: 1
Registered: ‎01-17-2014
Message 1 of 1 (252 Views)

Root account is locked in trusted mode while cim_server is started

  1. Run “/usr/lbin/tsconvert -c” to Change machine to trusted mode, and then run “/usr/lbin/modprpw -V”, no need to change root's password at next login after changing to trusted mode
  2. Wait about 5 mins, login as root via telnet, failed to login. It reports “Account is disable”, check the attribute of root user.

===============================

bash-4.2# /usr/lbin/getprpw root

uid=0, bootpw=YES, audid=0, audflg=1, mintm=-1, maxpwln=-1, exptm=-1, lftm=-1, spwchg=Fri Jan 17 14:24:01 2014, upwchg=-1, acctexp=-1, llog=-1, expwarn=-1, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Fri Jan 17 15:44:25 2014, ulogint=Fri Jan 17 15:00:07 2014, sloginy=-1, culogin=-1, uloginy=pts/tb, umaxlntr=-1, alock=NO, lockout=0001000

===============================

                   ----- >> the “lockout=0001000” which is unexpected

3. Check the syslogd.log file, it reports many message about “Authentication failed for user root.” about cimserver

===========================

bash-4.2# tail -f /var/adm/syslog/syslog.log

Jan 17 15:58:09 hp31ia2 cimserver[8400]: PGS17200: Authentication failed for user root.

Jan 17 15:58:11 hp31ia2 cimserver[8400]: PGS17200: Authentication failed for user root.

==========================

4. Stop “cimserver”, and then unlock root account

===========================

bash-4.2# /sbin/init.d/cim_server stop

PGS10019: CIM server is stopped.

bash-4.2# /usr/lbin/modprpw -k root

bash-4.2# /usr/lbin/getprpw root

uid=0, bootpw=YES, audid=0, audflg=1, mintm=-1, maxpwln=-1, exptm=-1, lftm=-1, spwchg=Fri Jan 17 14:24:01 2014, upwchg=-1, acctexp=-1, llog=-1, expwarn=-1, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Fri Jan 17 15:57:38 2014, ulogint=Fri Jan 17 15:58:40 2014, sloginy=pts/ta, culogin=-1, uloginy=pts/tc, umaxlntr=-1, alock=NO, lockout=0000000

============================

5. Wait about 30 mins, recheck attribut, the “lockout” is not changed, login as root via telnet or ssh, it works fine.

 

I'm confused why cim_server will lock root account, anyone can give me help, what's issue in my cim_server demon?

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.