Unix Intelligence Gathering
Tag: passwd
root@solaris:~ # passwd emerson
New Password:
passwd: password is based on a reversed dictionary word.Please try again
New Password:
Edit file /etc/default/passwd and comment the files containing DICTIONDBDIR and DICTIONLIST
root@solaris:~ # vi /etc/default/passwd
#DICTIONDBDIR=/var/passwd
#DICTIONLIST=/usr/share/lib/dict/words
root@solaris:~ # passwd emerson
New Password:
passwd: Password in history list.Please try again
New Password:
According to this blog post Solaris 10 Password History, Solaris 10 implemented a new parameter (HISTORY) in /etc/default/passwd. This parameter keeps all the used password to prevent password recycling.
You can set to a smaller number if you wish
root@solaris:~ # vi /etc/default/passwd
HISTORY=1
There is an HP-UX system that had the root password expired
user@linux:~ $ ssh root@hp-ux
Last successful login for root: Mon Apr 1 13:01:33 BRA3BDT 2013
Last unsuccessful login for root: Mon Apr 1 13:02:14 BRA3BDT 2013
Your password has expired.
Last login: Mon Apr 1 13:01:33 2013 from 172.16.4.198
Changing password for root
Old password:
Sorry.
I was unable to change the password since it is not known
root@hp-ux:/root # passwd root
Changing password for root
Old password:
Sorry.
Since there is no /etc/shadow file because this is a trusted system, to delete the root password you go to the /tcb/files/auth/r/root and delete the password from the :u_pwd attribute
root@hp-ux:/tcb/files/auth/r # cat root
root:u_name=root:u_id#0:\
:u_pwd=2576d348b7120d068cf812db81d2a414
:u_bootauth:u_auditid#0:\
:u_auditflag#1:\
:u_succhg#1348864982:u_unsucchg#1364832324:u_pswduser=root:u_suclog#1364832138:\
:u_unsuclog#1364832144:u_numunsuclog#1:u_maxtries#0:u_lock@:\
:chkent:
Then you should not have a problem to change the password
root@hp-ux:/tcb/files/auth/r # passwd root
Changing password for root
Last successful password change for root: Fri Sep 28 17:43:02 2012
Last unsuccessful password change for root: Mon Apr 1 13:05:24 2013Do you want (choose one letter only):
pronounceable passwords generated for you (g)
a string of letters generated (l) ?
to pick your passwords (p) ?Enter choice here: p
New password:
Re-enter new password:
Passwd successfully changed
root@linux:~ # passwd emerson
Changing password for emerson.
New Password:
Reenter New Password:
Password has been used already. Choose another.
Password changed
Linux is keeping the old password stored on /etc/security/opasswd. Delete the line containing the user that you’re trying to change the password
You can also check the file /etc/pam.d/common-password and look for a line with the parameter remember.
password required pam_pwhistory.so use_authtok remember=6 retry=3
root@solaris:/ # passwd emerson
New Password:
Re-enter new Password:
passwd: System error: no files password for emerson.
Permission denied
In this case there was a problem in the /etc/passwd file. There was a blank line between two users.
When you try to change the password of a user that recently changed its password and the server has the CA Access Control, the change will be denied.
root@solaris:/ # passwd username
CA Access Control sepass v12.0.1.1262 – Password replacement
Copyright (c) 2008 CA. All rights reserved.
Password was changed recently, cannot be changed again at this time.
To force the password change, type the command and change <username> and <password>to the values appropriate to your case
root@solaris:/ # /usr/seos/bin/selang -c “cu <username> pwasown (<password>)”
CA Access Control selang v12.0.1.1262 – CA Access Control command line interpreter
Copyright (c) 2008 CA. All rights reserved.(localhost)
Successfully updated USER <username>
(localhost)
Native:
===
Successfully updated USER <username>
The parameter PASSWORD_HISTORY_DEPTH in the /etc/default/security file controls how many past passwords HP-UX will remember the password to prevent the user from using the same old passwords he uses. Set the number as you like.
root@hp-ux11.11:/ # passwd user
Changing password for user
Last successful password change for user: Wed Apr 23 00:06:26 2008
Last unsuccessful password change for user: Thu FebĀ 7 12:34:42 2008New password:
You may not re-use a previously used password.
setaOffice 