Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Unable to change password
Operating Systems HP-UX Unable to change password Post 302762781 by zazzybob on Tuesday 29th of January 2013 03:45:56 AM
Old 01-29-2013
Try

Code:
# /sbin/passwd username

That should bypass the security policy.

Cheers,
ZB
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Change password by pushing encrypted password to systems

I'm tasked to change a user's password on multiple Linux systems (RH v3). I though copying the encrypted password from one Linux /etc/shadow file to another would work but I was wrong. The long term solution is to establish an openLDAP Directory service, but for now I'm stuck with a manual... (1 Reply)
Discussion started by: benq70
1 Replies

2. SCO

unable to change password

I have forgotten password of the system.I am having SCO Unixware 2.1.2.I am trying to change the password of the system by booting it with boot floopy.I edited the shadow file and made the password field blank.But I am not able to login.When I try to change the password of root or any id using... (1 Reply)
Discussion started by: girish_shukla
1 Replies

3. UNIX for Advanced & Expert Users

unable to change user password from nis client

I trying to change the user1 passwd from NIS client i.e #passwd -r nis user1 Enter user1's password; Can I change the password without having to enter user password? Mnay Thanks (1 Reply)
Discussion started by: sam786
1 Replies

4. HP-UX

Unable to change root password

Hi, Some how my root password expired for my hp_ux 10.20 machine and when i tried to change the password it displays file system full error how to resolve this issue At first it accepts newpassword and while saving it some where the problem is..... I am logging as root ........ ... (4 Replies)
Discussion started by: jagan_kalluri
4 Replies

5. Shell Programming and Scripting

how to change root password using shell script with standard password

Hi Friends. I am new to scripting now i want to change the root password using the script with standard password. which is the easy scripting to learn for the beginner, Thanks in advance. (2 Replies)
Discussion started by: kurva
2 Replies

6. UNIX for Dummies Questions & Answers

Unable To Change a User's Password

I am trying to change a user's Password, but I get the error "Password Cannot be changed; see account Administrator". Yet I am logged in as root. I also cannot access the Accounts Manager facility when SCO when using System Administration screen Error "Unable to get initial list of users" (2 Replies)
Discussion started by: Waitstejo
2 Replies

7. Solaris

Unable to change password for a user.

I am getting the following error message "passwd: User unknown: username" Permission denied error message when trying to change the password for that given user account. The user account is within the /etc/passwd file and I can also su to the account without any problems. This is sever is not... (11 Replies)
Discussion started by: eckmanb
11 Replies

8. UNIX for Advanced & Expert Users

unable to change the root password?

I tried to change the root password. but it shows the following error. passwd: Authentication token manipulation error passwd: password unchanged If I login as a normal user that time I'm able to change my (user) password. If I login as a ROOT then I'm not able to change the password root... (6 Replies)
Discussion started by: ungalnanban
6 Replies

9. UNIX for Dummies Questions & Answers

Unable to change password using root user

Hi, I tired changing password for mqm user in linux server with root user. But still I couldn't able to login mqm user with changed password. Can anyone please help on this. # passwd mqm Thanks, Anusha (4 Replies)
Discussion started by: Anusha M
4 Replies

10. Forum Support Area for Unregistered Users & Account Problems

Password sent via reset password email is 'weak' and won't allow me to change my password

I was unable to login and so used the "Forgotten Password' process. I was sent a NEWLY-PROVIDED password and a link through which my password could be changed. The NEWLY-PROVIDED password allowed me to login. Following the provided link I attempted to update my password to one of my own... (1 Reply)
Discussion started by: Rich Marton
1 Replies

LEARN ABOUT CENTOS

sysadm_passwd_selinux

sysadm_passwd_selinux(8)				   SELinux Policy sysadm_passwd 				  sysadm_passwd_selinux(8)

NAME

       sysadm_passwd_selinux - Security Enhanced Linux Policy for the sysadm_passwd processes

DESCRIPTION

       Security-Enhanced Linux secures the sysadm_passwd processes via flexible mandatory access control.

       The  sysadm_passwd  processes execute with the sysadm_passwd_t SELinux type. You can check if you have these processes running by executing
       the ps command with the -Z qualifier.

       For example:

       ps -eZ | grep sysadm_passwd_t

ENTRYPOINTS

       The sysadm_passwd_t SELinux type can be entered via the admin_passwd_exec_t file type.

       The default entrypoint paths for the sysadm_passwd_t domain are the following:

       /usr/bin/vigr, /usr/bin/vipw, /usr/sbin/vigr, /usr/sbin/vipw, /usr/sbin/pwconv, /usr/sbin/grpconv, /usr/sbin/pwunconv, /usr/sbin/grpunconv

PROCESS TYPES

       SELinux defines process types (domains) for each process running on the system

       You can see the context of a process using the -Z option to ps

       Policy governs the access confined processes have to files.  SELinux sysadm_passwd policy is very flexible allowing users  to  setup  their
       sysadm_passwd processes in as secure a method as possible.

       The following process types are defined for sysadm_passwd:

       sysadm_passwd_t

       Note:  semanage permissive -a sysadm_passwd_t can be used to make the process type sysadm_passwd_t permissive. SELinux does not deny access
       to permissive process types, but the AVC (SELinux denials) messages are still generated.

BOOLEANS

       SELinux policy is customizable based on least access required.  sysadm_passwd policy is extremely flexible and has  several  booleans  that
       allow you to manipulate the policy and run sysadm_passwd with the tightest access possible.

       If  you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd server, you must turn on the authlo-
       gin_nsswitch_use_ldap boolean. Disabled by default.

       setsebool -P authlogin_nsswitch_use_ldap 1

       If you want to deny any process from ptracing or debugging any other processes, you must  turn  on  the	deny_ptrace  boolean.  Enabled	by
       default.

       setsebool -P deny_ptrace 1

       If you want to allow all domains to use other domains file descriptors, you must turn on the domain_fd_use boolean. Enabled by default.

       setsebool -P domain_fd_use 1

       If  you	want  to  allow  all domains to have the kernel load modules, you must turn on the domain_kernel_load_modules boolean. Disabled by
       default.

       setsebool -P domain_kernel_load_modules 1

       If you want to allow all domains to execute in fips_mode, you must turn on the fips_mode boolean. Enabled by default.

       setsebool -P fips_mode 1

       If you want to enable reading of urandom for all domains, you must turn on the global_ssp boolean. Disabled by default.

       setsebool -P global_ssp 1

       If you want to allow confined applications to run with kerberos, you must turn on the kerberos_enabled boolean. Enabled by default.

       setsebool -P kerberos_enabled 1

       If you want to allow system to run with NIS, you must turn on the nis_enabled boolean. Disabled by default.

       setsebool -P nis_enabled 1

       If you want to allow confined applications to use nscd shared memory, you must turn on the nscd_use_shm boolean. Enabled by default.

       setsebool -P nscd_use_shm 1

NSSWITCH DOMAIN

       If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd server for the  sysadm_passwd_t,  you
       must turn on the authlogin_nsswitch_use_ldap boolean.

       setsebool -P authlogin_nsswitch_use_ldap 1

       If you want to allow confined applications to run with kerberos for the sysadm_passwd_t, you must turn on the kerberos_enabled boolean.

       setsebool -P kerberos_enabled 1

MANAGED FILES

       The  SELinux  process  type sysadm_passwd_t can manage files labeled with the following file types.  The paths listed are the default paths
       for these file types.  Note the processes UID still need to have DAC permissions.

       passwd_file_t

	    /etc/group[-+]?
	    /etc/passwd[-+]?
	    /etc/passwd.adjunct.*
	    /etc/ptmptmp
	    /etc/.pwd.lock
	    /etc/group.lock
	    /etc/passwd.OLD
	    /etc/passwd.lock

       security_t

	    /selinux

       shadow_t

	    /etc/shadow.*
	    /etc/gshadow.*
	    /etc/nshadow.*
	    /var/db/shadow.*
	    /etc/security/opasswd
	    /etc/security/opasswd.old

       sysadm_passwd_tmp_t

COMMANDS

       semanage fcontext can also be used to manipulate default file context mappings.

       semanage permissive can also be used to manipulate whether or not a process type is permissive.

       semanage module can also be used to enable/disable/install/remove policy modules.

       semanage boolean can also be used to manipulate the booleans

       system-config-selinux is a GUI tool available to customize SELinux policy settings.

AUTHOR

       This manual page was auto-generated using sepolicy manpage .

SEE ALSO

       selinux(8), sysadm_passwd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8) , setsebool(8)

sysadm_passwd							     14-06-10						  sysadm_passwd_selinux(8)
All times are GMT -4. The time now is 06:14 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy