Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Re-enabling a locked root account on Trusted HP-UX
Operating Systems HP-UX Re-enabling a locked root account on Trusted HP-UX Post 99502 by Perderabo on Friday 17th of February 2006 09:47:33 PM
Old 02-17-2006
Re-enabling a locked root account on Trusted HP-UX
I knew I had had seen this somewhere:
Code:
Q: How can I re-enable my root account when I typed in my password wrong 3 times and the account got disabled?

A: When your HP-UX system is in the more secure "trusted system" mode, your account is automatically disabled after 
you have entered your password incorrectly 3 times in a row. At this point, even if you enter the correct password, 
you will not be allowed access into the account.

There are a few options to re-enable the account:

    * If you have access to the system console you can login using the root account from the console (this will automatically 
       re-enable the account). Even when the account is disabled, login from the console will be allowed by default.
    * If you have another root account on the system, you can login using that account and reset the disabled user account using SAM.

      To re-enable a disabled user account on the system using SAM:
         1. Select the “Accounts for users and groups” section.
         2. Select “users.”
         3. Select the user account that is disabled.
         4. With the disabled user account selected, go to the top of the screen and select “Actions.”
         5. Select “Reactivate” to reactivate the disabled account.


While I was looking for the above information, I found this announcement: HP-UX security features supercede trusted mode. So I'm not sure how much longer the tip on re-enabling the root account will be useful. But I will this thread into our FAQ on recovering root passwords anyway. (Yes, I know the this "3 strikes and you're out" business isn't exactly a lost root password.)
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

How to Enable locked root account

Hi Every one I disable the root account entering wrong password for many time How can I enable the root account I am using Tru64 Unix V4.0G Thank you (2 Replies)
Discussion started by: Syed_45
2 Replies

2. AIX

root account has been locked

I'am set the root account locked ON, using smitty, so I can't login or su with root user in my AIX system, some one can help me to unlock root account login ???, sample : :~>su root's Password: 3004-301 Your account has been locked; please see the system administrator. 3004-501 Cannot su to... (1 Reply)
Discussion started by: Maker
1 Replies

3. Linux

Locked out of Mandrake 9.1 user account

Hi all, I've been using linux/unix now only for a couple of months and was doing ok until about 30 minutes ago... I needed to reboot into my windows 2000 partition, so, in a terminal I typed: shutdown -r now which duly rebooted the PC for me. On getting to the OS selection screen I... (5 Replies)
Discussion started by: alarmcall
5 Replies

4. Cybersecurity

lost root password using (SAM) trusted security

I have used the system administration management trusted security system and in the process the root password have been changed or lost. Is there any possible way to recover root status after this incident:( (5 Replies)
Discussion started by: jordanrt
5 Replies

5. AIX

account is always locked out

we have a user name "Test1" that account is alwyas locked out. The user has been used to many servers to ftp a file from the main server. i already increase the MaxStartups to 99. And still after how many days account will locked. (3 Replies)
Discussion started by: invinzin21
3 Replies

6. Solaris

Banner for Locked Account

Hi, I have enable Account lock for failed login attempts. I have configured 1) /etc/security/policy.conf 2)/etc/default/login To lock an account if it make multiple incorrect attempts to login to Solaris 10 server. I can see the account gets locked in /etc/shadow. I would like to... (1 Reply)
Discussion started by: menonk
1 Replies

7. UNIX for Dummies Questions & Answers

How do i list all locked account in linux?

Hi How do i list all locked account in my linux distributiion I have tried passwd -S -a but it seems to not working . My distribution details. # lsb_release -a LSB Version: :core-3.1-ia32:core-3.1-noarch:graphics-3.1-ia32:graphics-3.1-noarch Distributor ID: OracleVMserver... (3 Replies)
Discussion started by: pinga123
3 Replies

8. UNIX for Dummies Questions & Answers

Account is locked or login administratively denied

Hi, When I am trying to do ssh to a server it shows below error. Key setup is all good and it used to work well few days back. Now suddenly I am getting this error. ssh -i <private_key> <id>@<hostname> Received disconnect from <hostname> Account is locked or login administratively... (1 Reply)
Discussion started by: mahish20
1 Replies

9. HP-UX

Enable telnet as root to 11.31 non-trusted system?

I have a new box that was set up for me and I want to allow telnet to the box as root. I know that it's not secure but due to the nature of what I test I need an easy and reliable way back in if I've messed up the other connection methods(SSH). This is in a protected lab environment. Eventually... (17 Replies)
Discussion started by: gctaylor
17 Replies

10. UNIX for Dummies Questions & Answers

UNIX Account getting Locked Everyday between same Time Frame

I am facing an Issue with a particular Unix Account ( ie a particular Userid) getting LOCKED everyday between 7:30am and 8:00am. The Password associated with this particular Account has been setup such that it should never Expire at all but it does LOCK the Account after more than 3 failed... (5 Replies)
Discussion started by: pchegoor
5 Replies

LEARN ABOUT HPUX

pam_sm_acct_mgmt

pam_sm_acct_mgmt(3)					     Library Functions Manual					       pam_sm_acct_mgmt(3)

NAME

       pam_sm_acct_mgmt() - service provider implementation for pam_acct_mgmt

SYNOPSIS

       [flag]... file... [library]...

DESCRIPTION

       In response to a call to pam_acct_mgmt(3), the PAM framework calls from the modules listed in the pam.conf(4) file.  The account management
       provider supplies the back-end functionality for this interface function.  The applications should not call this API directly.

       The function, determines whether the current user's account and password are valid.  This includes checking for password and account  expi-
       ration,	valid  log-in  times,  etc.   The user in question is specified by a prior call to and is referenced by the authentication handle,
       pamh, which is passed as the first argument to The following flags may be set in the flags field:

       The account management service should not generate any messages.

       The account management service should return
	      if the user has a null authentication token.

       The argc argument represents the number of module options passed in from the configuration file pam.conf(4).   argv  specifies  the  module
       options, which are interpreted and processed by the account management service.	Please refer to the specific module man pages for the var-
       ious available options.	If an unknown option is passed to the module, an error should be logged through syslog(3C) and the option ignored.

       If an account management module determines that the user password has aged or expired, it should save this  information	as  state  in  the
       authentication handle, pamh, using uses this information to determine which passwords have expired.

APPLICATION USAGE

       Refer to pam(3) for information on thread-safety of PAM interfaces.

RETURN VALUE

       If there are no restrictions to logging in, is returned.  The following error values may also be returned upon error:

       User not known to underlying authentication module.

       New authentication token required.

       User account has expired.

       User denied access to account at this time.

       Ignore underlying account module regardless of whether the control
				     flag is or

       User account has been disabled (trusted mode only).

       Terminal has been disabled (trusted mode only).

       User is not authorized for terminal access (trusted mode only).

       Wrong time to login (trusted mode only).

WARNINGS

       HP-UX 11i Version 3 is the last release to support trusted systems functionality.

SEE ALSO

       pam(3), pam_acct_mgmt(3), syslog(3C), pam.conf(4).

															       pam_sm_acct_mgmt(3)
All times are GMT -4. The time now is 10:00 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy