Can't unlock user (Trusted Mode) (810 Views)
Reply
Highlighted
Frequent Advisor
Posts: 52
Registered: ‎08-02-2010
Message 1 of 4 (810 Views)
Accepted Solution

Can't unlock user (Trusted Mode)

Hi,

 

I'm getting a really weird behaviour in one of our HPUX 11.23 boxes, with Trusted Mode enabled.

 

When I want to unlock a user which has been disabled, it seems the modprpw does nothing:

 

server1@root:>getprpw -l user1
uid=107, bootpw=NO, audid=17, audflg=1, mintm=0, maxpwln=-1, exptm=0, lftm=0, spwchg=Thu Jun 6 11:29:04 2013, upwchg=Thu Jun 6 11:28:52 2013, acctexp=-1, llog=-1, expwarn=0, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Fri Jul 5 10:43:33 2013, ulogint=Fri Jul 5 10:49:36 2013, sloginy=-1, culogin=3, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0001000

 

 

server1@root:>modprpw -k user1

 

server1@root:>getprpw -l user1

uid=107, bootpw=NO, audid=17, audflg=1, mintm=0, maxpwln=-1, exptm=0, lftm=0, spwchg=Thu Jun 6 11:29:04 2013, upwchg=Thu Jun 6 11:28:52 2013, acctexp=-1, llog=-1, expwarn=0, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Fri Jul 5 10:43:33 2013, ulogint=Fri Jul 5 10:49:36 2013, sloginy=-1, culogin=3, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0001000

 

 

What could cause this? Things get ever more weird when I make a su - into the user, since it gets enabled:

 

server1@root:>su - user1

 

server1@user1:>exit
logout

 

server1@root:>getprpw -l user1
uid=107, bootpw=NO, audid=17, audflg=1, mintm=0, maxpwln=-1, exptm=0, lftm=0, spwchg=Thu Jun 6 11:29:04 2013, upwchg=Thu Jun 6 11:28:52 2013, acctexp=-1, llog=-1, expwarn=0, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Fri Jul 5 11:01:36 2013, ulogint=Fri Jul 5 10:56:13 2013, sloginy=-1, culogin=-1, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0000000

 

 

Any hints?

Honored Contributor
Posts: 13,908
Registered: ‎06-21-2000
Message 2 of 4 (787 Views)

Re: Can't unlock user (Trusted Mode)

After you run the 'modprpw' command to reactivate a user, run the command 'echo $?' to see what the return status of the command was.  It should be '0' if it is completing normally.

 

I would also make sure that your 'modprpw' command is correct.

 

Here is info from one of the 11.23 systems I have access to:

 

# whence -v modprpw
modprpw is /usr/lbin/modprpw

# ll /usr/lbin/modprpw
-r-xr-xr-x   1 bin        bin          49152 Sep  3  2003 /usr/lbin/modprpw

# what /usr/lbin/modprpw
/usr/lbin/modprpw:
        $Revision: 92453-07 linker linker crt0.o B.11.16.01 030415 $
         $Revision: B11.23_LR
         Fri Aug 29 21:29:08 PDT 2003 $

 

Trusted Contributor
Posts: 134
Registered: ‎01-15-2002
Message 3 of 4 (779 Views)

Re: Can't unlock user (Trusted Mode)

you can editmthe file for that user in the /tcb directory and change the flag that makes it locked
Emil Velez
HP UNIX Certified ATP ASE HPUX
Certified HP Instructor, ATP and ASE Server Solutions
ATP Storage

Master ASE Superdome Solutins



HP Education Services

Ask me about training on HP-UX, Proliant, ServiceGuard, StoreAll, StoreOnce, StoreServ, StoreEasy and High Availability

internet: Emil.Velez@hp.com
Linkedin: http://www.linkedin.com/in/emilvelez

Frequent Advisor
Posts: 52
Registered: ‎08-02-2010
Message 4 of 4 (751 Views)

Re: Can't unlock user (Trusted Mode)

Thanks to both for your help.

 

Yeah, there was a problem with the binary /usr/lbin/modprpw indeed, it was zero bytes size and the what command on it didn't show any output, it may have got overwritten somehow.

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.