Can't unlock user (Trusted Mode) (365 Views)
Reply
Frequent Advisor
mpua
Posts: 51
Registered: ‎08-02-2010
Message 1 of 4 (365 Views)
Accepted Solution

Can't unlock user (Trusted Mode)

Hi,

 

I'm getting a really weird behaviour in one of our HPUX 11.23 boxes, with Trusted Mode enabled.

 

When I want to unlock a user which has been disabled, it seems the modprpw does nothing:

 

server1@root:>getprpw -l user1
uid=107, bootpw=NO, audid=17, audflg=1, mintm=0, maxpwln=-1, exptm=0, lftm=0, spwchg=Thu Jun 6 11:29:04 2013, upwchg=Thu Jun 6 11:28:52 2013, acctexp=-1, llog=-1, expwarn=0, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Fri Jul 5 10:43:33 2013, ulogint=Fri Jul 5 10:49:36 2013, sloginy=-1, culogin=3, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0001000

 

 

server1@root:>modprpw -k user1

 

server1@root:>getprpw -l user1

uid=107, bootpw=NO, audid=17, audflg=1, mintm=0, maxpwln=-1, exptm=0, lftm=0, spwchg=Thu Jun 6 11:29:04 2013, upwchg=Thu Jun 6 11:28:52 2013, acctexp=-1, llog=-1, expwarn=0, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Fri Jul 5 10:43:33 2013, ulogint=Fri Jul 5 10:49:36 2013, sloginy=-1, culogin=3, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0001000

 

 

What could cause this? Things get ever more weird when I make a su - into the user, since it gets enabled:

 

server1@root:>su - user1

 

server1@user1:>exit
logout

 

server1@root:>getprpw -l user1
uid=107, bootpw=NO, audid=17, audflg=1, mintm=0, maxpwln=-1, exptm=0, lftm=0, spwchg=Thu Jun 6 11:29:04 2013, upwchg=Thu Jun 6 11:28:52 2013, acctexp=-1, llog=-1, expwarn=0, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Fri Jul 5 11:01:36 2013, ulogint=Fri Jul 5 10:56:13 2013, sloginy=-1, culogin=-1, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0000000

 

 

Any hints?

Please use plain text.
Honored Contributor
Patrick Wallek
Posts: 13,720
Registered: ‎06-21-2000
Message 2 of 4 (342 Views)

Re: Can't unlock user (Trusted Mode)

After you run the 'modprpw' command to reactivate a user, run the command 'echo $?' to see what the return status of the command was.  It should be '0' if it is completing normally.

 

I would also make sure that your 'modprpw' command is correct.

 

Here is info from one of the 11.23 systems I have access to:

 

# whence -v modprpw
modprpw is /usr/lbin/modprpw

# ll /usr/lbin/modprpw
-r-xr-xr-x   1 bin        bin          49152 Sep  3  2003 /usr/lbin/modprpw

# what /usr/lbin/modprpw
/usr/lbin/modprpw:
        $Revision: 92453-07 linker linker crt0.o B.11.16.01 030415 $
         $Revision: B11.23_LR
         Fri Aug 29 21:29:08 PDT 2003 $

 

Please use plain text.
Trusted Contributor
Emil Velez_2
Posts: 120
Registered: ‎01-15-2002
Message 3 of 4 (334 Views)

Re: Can't unlock user (Trusted Mode)

you can editmthe file for that user in the /tcb directory and change the flag that makes it locked
Emil Velez
HP UNIX Certified (CSA, CSE HPUX 11i High Availability) HP Software (Openview) Certified Consultant
Certified HP Instructor, Technical Certified I and II SMB and Enterprise
Master ASE Superdome Solutins

HP Education Services

Ask me about training on Blades, Proliant, HP-UX, ServiceGuard, Polyserve, X9000, Virtual Libraries, and High Availability

internet: Emil.Velez@hp.com
Linkedin: http://www.linkedin.com/in/emilvelez

Please use plain text.
Frequent Advisor
mpua
Posts: 51
Registered: ‎08-02-2010
Message 4 of 4 (306 Views)

Re: Can't unlock user (Trusted Mode)

Thanks to both for your help.

 

Yeah, there was a problem with the binary /usr/lbin/modprpw indeed, it was zero bytes size and the what command on it didn't show any output, it may have got overwritten somehow.

Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation