root password recovery for hpux 11.22 (2465 Views)
Reply
Occasional Contributor
solaris72
Posts: 5
Registered: ‎07-01-2011
Message 1 of 11 (2,465 Views)
Accepted Solution

root password recovery for hpux 11.22

I lost  root password  for my unix server running 11iv2 and its a trusted system.  But fortunately i have sudo access to root from my user account.

 

Will the below steps will work to regain my password (i got it through web and it make sense)

 

sudo su -
enter your own password here
#id
you must see user id 0, which means you are root.
#cd /tcb/files/auth/r
#cp root backup_root

useradd -m dummy (or any unused username)
#passwd dummy
give it a password
#cd ../d
#cat dummy
copy the encrypted string on the password line up to the colon sign (do not include the colon)
#cd ../r
#vi root
delete the password string and paste the copied password string in its place, making sure the length of deleted string and pasted string are the same.
#passwd root
give password for user dummy as old password
select a new password and type twice !

 

Respected Contributor
Ken Grabowski
Posts: 271
Registered: ‎12-08-2003
Message 2 of 11 (2,449 Views)

Re: root password recovery for hpux 11.22

[ Edited ]

It's much easier than that. Just edit the /tcb/files/auth/r/root tcb file and change the password line to:

:u_pwd=:\

 

Then login as root and run passwd command to set the new password.

 

You can also use scp to overwrite the old file with a know password file from another server.

Occasional Contributor
solaris72
Posts: 5
Registered: ‎07-01-2011
Message 3 of 11 (2,441 Views)

Re: root password recovery for hpux 11.22

Thanks Ken

 

I recently implemented this in /etc/default/security for auditing.

 

MIN_PASSWORD_LENGTH=8
PASSWORD_HISTORY_DEPTH=24
PASSWORD_MIN_UPPER_CASE_CHARS=1
PASSWORD_MIN_LOWER_CASE_CHARS=1
PASSWORD_MIN_DIGIT_CHARS=1

 

and my old password is less than 8 characters and no special characters etc..  I beleive thats why it quits working?  Will emptying root password allow me to reset as it needs to go through above variables?

Respected Contributor
Ken Grabowski
Posts: 271
Registered: ‎12-08-2003
Message 4 of 11 (2,424 Views)

Re: root password recovery for hpux 11.22

I've had settings like that and never had a problem. But of course taking a copy of the tcb file before you start can never hurt.  Those configuration setting are normally used by the security files (pam) at login and when changing passwords. I've never heard of these settings invalidating an active account. 

Occasional Contributor
solaris72
Posts: 5
Registered: ‎07-01-2011
Message 5 of 11 (2,415 Views)

Re: root password recovery for hpux 11.22

Worked perfectly.

Acclaimed Contributor
Dennis Handly
Posts: 25,290
Registered: ‎03-06-2006
Message 6 of 11 (2,405 Views)

Re: root password recovery for HP-UX 11.22

>It's much easier than that.

 

Any reason you can't just use /sbin/passwd to change the password?

Does it work with trusted?

Respected Contributor
Ken Grabowski
Posts: 271
Registered: ‎12-08-2003
Message 7 of 11 (2,383 Views)

Re: root password recovery for HP-UX 11.22

Dennis,  passwd requires the prior root password to be known and entered when the system is set to trusted. When the root password is lost you only have this approach if you have SUDO or RBAC setup, or reboot to single user.

Acclaimed Contributor
Dennis Handly
Posts: 25,290
Registered: ‎03-06-2006
Message 8 of 11 (2,359 Views)

Re: root password recovery for HP-UX 11.22

>passwd requires the prior root password

 

Are you sure this is still true for /sbin/passwd?

Respected Contributor
Ken Grabowski
Posts: 271
Registered: ‎12-08-2003
Message 9 of 11 (2,357 Views)

Re: root password recovery for HP-UX 11.22

I've never seen any difference between /sbin/passwd and /usr/bin/passwd when changing the root password on a trusted system. It has always prompted for "Old password:" from 11iv1 through 11iv3.  Have you tried it and seen a different behavior?

Honored Contributor
Patrick Wallek
Posts: 13,787
Registered: ‎06-21-2000
Message 10 of 11 (2,353 Views)

Re: root password recovery for HP-UX 11.22

I just ran '/sbin/passwd root' on HP-UX 10.20, 11.0, 11.11, 11.23 and 11.31 and it asked for the old password on all servers.

 

I don't remember ever NOT being prompted for the old password, regardless of the passwd program used.

Acclaimed Contributor
Dennis Handly
Posts: 25,290
Registered: ‎03-06-2006
Message 11 of 11 (2,343 Views)

Re: root password recovery for HP-UX 11.22

>I don't remember ever NOT being prompted for the old password,

 

You're correct.  It does ask for a password in trusted mode.

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.