Changing root's password
As my name says, I am new to Solaris. I inherited an x86 box running Solaris 9 and I do not know the password for the root account. I know that Linux allows you to boot into single user mode and change the password. Can someone tell me if there is a way to do this with Solaris 9?
TIA
This will only work if you're happy with the vi
text editor, regardless of platform.
If you've never used vi before, please find
a cheatsheet/tutorial on the web before
trying to edit /a/etc/shadow!
Just a couple of things to watch on x86 -- the
procedure will work, if you also:
1. Get a copy of the Solaris 9 CD 1.
2. Do a 'boot cdrom -s'. This boots into single-user mode.
Instead of 2, let the BIOS boot from the CD,
let it discover devices, then when it asks
what kind of installation you want:-
1 Interactive
2 Jumpstart
<etc>
don't choose a number: this is where
you get to type in
boot -s
and hit 'return'.
When the CD boot completes, and you get
a prompt, run the 'format' command,
note the name of the disk (something
like 'c0t0d0'), and quit with ctrl-D.
x86 systems often see their disks
as c0d0, not c0t0d0 -- that's why
we're being cautious here.
You then need to run the prtvtoc
command, pointing it at '/dev/rdsk/the name of
the disk you just noted', plus 's2':
#prtvtoc /dev/rdsk/c0t0d0s2
or
#prtvtoc /dev/rdsk/c0d0s2
or
#prtvtoc /dev/rdsk/yourDiskNameHeres2
The final column of the prtvtoc output tells you
which partition is doing which job.
Normally, partition s0 houses the root (/)
partition, which is why step 3 below generally
works on a Sparc.
Here's my prtvtoc output.
# prtvtoc /dev/rdsk/c0t0d0s0
* /dev/rdsk/c0t0d0s0 partition map
* Dimensions:
* 512 bytes/sector
* 248 sectors/track
* 19 tracks/cylinder
* 4712 sectors/cylinder
* 7508 cylinders
* 7506 accessible cylinders
* Flags:
* 1: unmountable
* 10: read-only
*                          First     Sector     Last
* Partition  Tag  Flags    Sector     Count     Sector  Mount Directory
       0      2    00          0    2049720    2049719  /   <--THIS ONE!
       1      4    00    2049720    8194168   10243887  /usr
       2      5    00          0   35368272   35368271
       3      7    00   10243888   25124384   35368271  /var
So for my machine, I need s0 on c0t0d0 -- on yours, look for the prtvtoc row ending in a '/', and note the
partition number in the first field.
You'll use this, preceded by an 's' for 'slice'
in the mount command below. If your '/' is partition
3, then use 's3' below.
Now we're good to go!
3. mount /dev/dsk/c0t0d0s0 /a
mount /dev/dsk/YourDiskNameYourRootPartion /a
eg
mount /dev/dsk/c0d0s3 /a
4. TERM=sun; export TERM
hmm, on a PC monitor try
TERM=vt100; export TERM
5. vi /a/etc/shadow
And use your vi cheatsheet to navigate to
the second field of the root row,
and delete the field:
root:dTomYcgqKJjoo:12527::::::
becomes
root::12527::::::
6. init 6
ok, you now have no root password -- after
reboot, login as root and hit 'return' when
asked for a password.
To set a new password after reboot, run
the 'passwd' command.
Good luck.
PS. A fresh install might be easier.
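An added example, not part of the original thread: after step 5 the root entry has an empty password field, so this script flags empty fields in a shadow-format file and compares the file against a trusted copy. The function names and every sample entry other than the two root lines quoted above are constructed for this example; treating `NP`, `*LK*` and a leading `*` or `!` as non-login markers goes beyond what the post covers.

```shell
#!/bin/sh
# Added example: audit shadow-format files for the state step 5 leaves
# behind, an account whose password field is empty.

# classify_shadow FILE -> one "user:STATE" line per entry
#   EMPTY   second field is empty: the account logs in with no password
#   LOCKED  field can never match a hash (NP, *LK*, or a leading * or !)
#   SET     field holds a password hash
classify_shadow() {
    awk -F: '
        /^[ \t]*(#|$)/             { next }                 # comments, blanks
        NF < 2                     { print $1 ":MALFORMED"; next }
        $2 == ""                   { print $1 ":EMPTY";     next }
        $2 == "NP" || $2 ~ /^[*!]/ { print $1 ":LOCKED";    next }
                                   { print $1 ":SET" }
    ' "$1"
}

# empty_password_accounts FILE -> names of accounts with an empty field
empty_password_accounts() {
    classify_shadow "$1" | awk -F: '$2 == "EMPTY" { print $1 }'
}

# shadow_state_changes OLD NEW -> "user:BEFORE->AFTER" for every account whose
# state differs between a trusted copy (OLD) and the live file (NEW)
shadow_state_changes() {
    old_states=$(mktemp) || return 1
    new_states=$(mktemp) || { rm -f "$old_states"; return 1; }
    classify_shadow "$1" > "$old_states"
    classify_shadow "$2" > "$new_states"
    awk -F: '
        FILENAME == ARGV[1] { before[$1] = $2; next }
        !($1 in before)     { print $1 ":ABSENT->" $2; next }
        before[$1] != $2    { print $1 ":" before[$1] "->" $2 }
    ' "$old_states" "$new_states"
    rm -f "$old_states" "$new_states"
}

# Constructed sample data. The root line is the one quoted in the post;
# every other entry is made up for this example.
write_sample_before() {
    cat > "$1" <<'EOF'
root:dTomYcgqKJjoo:12527::::::
daemon:NP:6445::::::
lp:*LK*:::::::
alice:ExampleHash01:12527::::::
EOF
}

# Apply the edit from step 5 (blank root's second field) to BEFORE -> AFTER.
write_sample_after() {
    sed 's/^root:[^:]*:/root::/' "$1" > "$2"
}

# Demo: run the audit against the constructed files.
demo_dir=$(mktemp -d) || exit 1
write_sample_before "$demo_dir/shadow.before"
write_sample_after  "$demo_dir/shadow.before" "$demo_dir/shadow.after"
echo "Empty password fields: $(empty_password_accounts "$demo_dir/shadow.after")"
echo "State changes: $(shadow_state_changes "$demo_dir/shadow.before" "$demo_dir/shadow.after")"
rm -rf "$demo_dir"
```

On a live system the same functions take /etc/shadow (read as root) as NEW and a copy restored from backup as OLD.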
Similar Messages
-
Changing Root MySQL Password - Possible?
Due to the departure of a former employee, we have need to change the root password for MySQL operating in OS X Apache on a Mac G4 tower. When we change the root password now for MySQL it seems to stop communicating with websites on the server which rely on it, even though each user database has its own unique user and password information. Are we hosed, or is it possible to change the root MySQL password in an environment where several websites on the server are already using databases within the MySQL set up?
This is a great and valuable forum, I welcome any and all comments. TIA!
It should be possible to change the root password. If you have problems accessing the database afterwards then it sounds like your applications aren't using the usernames and passwords that were created for them.
If the apps are, indeed, using the root password this is something you should change. You'll need to check the apps' configurations and various logs to find out what they're using.
In addition, if you haven't already done so, check out NaviCat. It's a GUI front-end for administering MySQL. While I don't use it at all for table management, its front-end for managing users and permissions is way ahead of the command line. -
Ok. So I just changed my ADMINISTRATIVE ROOT PASSWORD the other day and when I tried to log in today I forgot it. I tried different variations of
the password I had set, because I wasn't sure if I had maybe set it in Caps Lock or used a different number in the sequence. I got the message several times
about "too many attempts, try again later". Does the computer lock me from signing in even with the correct password after a certain amount of failed
attempts? If so, how long does this lock last for? When can I try again? Or is there something I need to do to remove that lock now? I'm pretty sure I
had the right password finally but it still wouldn't accept it.
Also, I don't have any other administrative users set up on my macbook pro. I'm the only one who uses it, so I've always just used that original User from my
original setup.
Do this:
1. Reboot
2. Hold apple key + s key down after you hear the chime. (command + s on newer Macs)
3. When you get text prompt enter in these terminal commands to create a brand new admin account (hitting return after each line):
(Type these commands very carefully)
mount -uw /
rm /var/db/.AppleSetupDone
shutdown -h now
4. After rebooting you should have a brand new admin account. When you login as the new admin you can change the password on the old one. -
Change root MSE password and password requirement
Hi All, new to the MSE world during the install of my new MSE virtual 7.0 it asks to change the root password...however the password requirement would not let me change the password and thus fell back to the default. How can I change the root password and change the password requirement.
My initial password was 15 characters long, I had 2 upper case letters, 5 lower case letters, 5 numbers, and 3 other characters
Not sure how much more I need to have the root password secure but, it was....
Any suggestions or do I just need to make the root password double what I was making it.
Thanks,
Dan
Doesn't it allow you to skip (step 17 in below) & go on to configure login & password related parameters (step 18) change those restrictions ?
http://www.cisco.com/en/US/products/ps9742/products_tech_note09186a0080bb497f.shtml
Then run the setup script again & change the root password
HTH
Rasika
**** Pls rate all useful responses ***** -
Can not change root password for WCS
Need to change the root password for the web gui.
WCS is running on linux, I have tried to do the passwd user-root but it comes back saying it can not find the username.
Alex
You could use the recovering password procedure for wcs as a workaround (chapter 14 of the following link http://www.cisco.com/en/US/docs/wireless/wcs/7.0/configuration/guide/WCS70cg.html )
Recovering the WCS Password
You can change the WCS application root user or FTP user password. This option provides a safeguard if you lose the root password. An executable was added to the installer /bin directory (passwd.bat for Windows and passwd.sh for Linux). Follow these steps to recover the passwords and regain access to WCS. For password recovery on a wireless location device, refer to chapters 8 or 9 of the Cisco 2700 Series Location Appliance Configuration Guide.
Note If you are a Linux user, you must be the root user to run the command.
Step 1 Change to the WCS bin folder.
Step 2 Perform one of the following:
Enter passwd root-user newpassword to change the WCS root password. The newpassword is the root login password you choose.
or
Enter passwd location-ftp-user newuser newpassword to change the FTP user and password. The newuser and newpassword are the FTP user and password you choose.
Step 3 The following options are available with these commands:
•-q — to quiet the output
•-pause — to pause before exiting
•-gui — to switch to the graphical user interface
•-force — to skip prompting for configuration
Step 4 Start WCS. -
Keep changing root password, keeps telling me password is wrong in terminal.
I used the migration tool to copy my documents over from my PC, but it created a separate user account. I want to move those files to my current account, but I don't have permission to access the folder unless I'm logged into that account (in which case I don't have access to the folder I want to move them to). I tried to change the folder permissions, but it said my root user password was incorrect. I changed it, got no error in doing so, and tried again. Still got the error. I found a thread with a similar problem (but not the same one) and followed the instructions in it. Still got the same error. How can I fix this?
In the title of this thread you list "keeps telling me password is wrong in terminal"???
When you open terminal have you tried the command, without the quotes "dsenableroot"? You must be logged in as a local admin to do this.
If you try this, terminal will ask you for your admin account password then you can enter a new password for root and verify the new password. Exit terminal. Log out and log back in with username root and the password you put in for the root account when you were in terminal.
There is a definite problem, or actually a couple of problems, with the directory utility when trying to enable root from directory Utility / edit. Going the dsenableroot in terminal clears these problems out. -
Where to change root, administrator, etc. passwords?
I have a desktop Intel Mac and an Xserve server. Besides the normal login passwords that are set in System Preferences/Accounts, where do I set the other passwords such as root (su) password, system administrator, etc.?
Mike
System Administrator and root are one and the same user, and is not enabled by default so there is no password to change. If you "Enable Root User" (an option in one of the NetInfo Manager menus) you will be asked to supply a password for root.
But be sure you understand the consequences of enabling root. Once enabled, the password can be changed with the usual UNIX commands, as well as going through NetInfo Manager.
Apart from root and your normal login accounts, I don't know what other passwords you are referring to.. -
Startup disaster, Root/user password change, Please help!!
Hi, my ibook g4 was purchased on ebay through a seller with 100% feedback (a school district). It came with Tiger already installed, and I bought the Leopard Retail upgrade disc, installed all that, and did software updates to get it up and running at 10.5.8. It ran perfectly for the first two days.
Then on startup, the blue screen issue which lasted forever. I put in the Update install disc to run disc utility: A-ok. Tried again, and again. Nothing.
Finally, I went to the installer menu, and reset the user/root/admin passwords.
Now, even when I put the install disc in, it doesn't even go to the gray apple. Instead, it just gives that "?" /faces pictures intermittently.
I was wondering if anyone has had any such problem, and found a solution.
I should add that I already attempted "Safe" mode and even "Transfer" mode, with firewire/friend's macbook. All to no avail.
Is there any way to FIND that hard drive in there again?
Thanks, everyone!
Robert
HI,
Now, even when I put the install disc in, it doesn't even go to the gray apple. Instead, it just gives that "?" /faces pictures intermittently.
Indicates that your iBook can't find a System Folder to boot from.
Then on startup, the blue screen issue which lasted forever. I put in the Update install disc to run disc utility: A-ok. Tried again, and again. Nothing.
Did you actually boot from the install disc or just insert into the optical drive? In order to run Disk Utility from the install disc...
Insert your install disk and Restart, holding down the "C" key until grey Apple appears.
Go to Installer menu and launch Disk Utility.
Select your HDD (manufacturer ID) in the left panel.
Select First Aid in the Main panel.
*(Check S.M.A.R.T Status of HDD at the bottom of right panel. It should say: Verified)*
Click Repair Disk on the bottom right.
If DU reports disk does not need repairs quit DU and restart.
If DU reports errors Repair again and again until DU reports disk is repaired.
When you are finished with DU, from the Menu Bar, select Utilities/Startup Manager.
Select your start up disk and click Restart
While you have the Disk Utility window open, look at the bottom of the window. Where you see Capacity and Available. *Make sure there is always 10% to 15% free disk space*
Go here for help when a A flashing question mark appears when you start your Mac
Carolyn -
How to change the Default Password on AP1131AG
Hi all :
I tried to change the default password Cisco to other by command line but the password cannot work out.
The command line I used are as below :
AP#conf t
Enter configuration commands, one per line. End with CNTL/Z.
AP(config)#enable pass
AP(config)#enable password 4dMINO123 ?
LINE <cr>
AP(config)#enable password 4dMINO123
AP(config)#exit
AP#wr
*Mar 1 04:39:23.902: %SYS-5-CONFIG_I: Configured from console by console
Building configuration...
[OK]
AP#exit
This still cannot change. Below I do again below commands :
AP(config)#enable secret
% Incomplete command.
AP(config)#enable secret ?
0 Specifies an UNENCRYPTED password will follow
5 Specifies an ENCRYPTED secret will follow
LINE The UNENCRYPTED (cleartext) 'enable' secret
level Set exec level password
AP(config)#enable secret 5
% Incomplete command.
AP(config)#enable secret 5 ?
LINE The ENCRYPTED 'enable' secret string
AP(config)#enable secret 5 LINE
ERROR: The secret you entered is not a valid encrypted secret.
To enter an UNENCRYPTED secret, do not specify type 5 encryption.
When you properly enter an UNENCRYPTED secret, it will be encrypted.
AP(config)#enable secret LINE
AP(config)#exit
AP#
*Mar 1 04:40:53.021: %SYS-5-CONFIG_I: Configured from console by console
AP#
AP#exit
After that when I access with >en again as below with correct password of 4dMINO123 and it always fails as below :
Can anybody help to provide correct way of changing the default password of Cisco to another password? Many thanks!
AP con0 is now available
Press RETURN to get started.
AP>en
Password:
Password:
Password:
% Bad secrets
AP>en 0
AP>en 5
% No password set
AP>en 15
Password:
Password:
% Password: timeout expired!
Password:
% Bad secrets
AP>
AP>
AP>en
Password:
Password:
Password:
% Bad secrets
thanks and best regards,
tangsuan
Hi, I have even the worst problem,
that seems probably to be never asked on Internet. After quick learning how to reset this creepy device, I can't get by no means the enable password in default config for this box, having read everywhere from Cisco guide through community pages to Google pages.. NOWHERE.
Question is : what else except Cisco, cisco, root, password... can solve this stupid issue?!? I expect some guru from responsible AP BU to answer this with definite answer, or someone from Cisco having mercy with me to contact such guy(s).
Here is my desperate situation :
Nothing from this page helped :
http://www.cisco.com/en/US/partner/products/hw/wireless/ps430/products_password_recovery09186a00800949d0.shtml#reset_ap_newer
Situation after hard reset:
Xmodem file system is available.
flashfs[0]: 26 files, 8 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 15998976
flashfs[0]: Bytes used: 6879232
flashfs[0]: Bytes available: 9119744
flashfs[0]: flashfs fsck took 43 seconds.
Base ethernet MAC Address: 00:22:55:9f:fc:a0
Initializing ethernet port 0...
Reset ethernet port 0...
Reset done!
ethernet link up, 100 mbps, full-duplex
Ethernet port 0 initialized: link is up
button pressed for 1 seconds
process_config_recovery: set IP address and config to default 10.0.0.1
Loading "flash:/c1130-rcvk9w8-mx/c1130-rcvk9w8-mx"...##########
File "flash:/c1130-rcvk9w8-mx/c1130-rcvk9w8-mx" uncompressed and installed, entry point: 0x3000
executing...
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, C1130 Software (C1130-RCVK9W8-M), Version 12.3(11)JX1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Mon 17-Jul-06 11:38 by alnguyen
Image text-base: 0x00003000, data-base: 0x0035E440
Initializing flashfs...
flashfs[1]: 26 files, 8 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 15998976
flashfs[1]: Bytes used: 6879232
flashfs[1]: Bytes available: 9119744
flashfs[1]: flashfs fsck took 6 seconds.
flashfs[1]: Initialization complete....done Initializing flashfs.
cisco AIR-LAP1131AG-E-K9 (PowerPCElvis) processor (revision A0) with 24566K/8192K bytes of memory.
Processor board ID FCZ1238Q0HK
PowerPCElvis CPU at 262Mhz, revision number 0x0950
Last reset from power-on
LWAPP image version 3.0.51.0
1 FastEthernet interface
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:22:55:9F:FC:A0
Part Number : 73-8962-14
PCA Assembly Number : 800-24818-13
PCA Revision Number : A0
PCB Serial Number : FOC12354426
Top Assembly Part Number : 800-29144-03
Top Assembly Serial Number : FCZ1238Q0HK
Top Revision Number : A0
Product/Model Number : AIR-LAP1131AG-E-K9
Press RETURN to get started!
*Mar 1 00:00:08.354: %CDP_PD-4-POWER_OK: Full power - AC_ADAPDOWN: Line protocol on Interface FastEthernet0, changed state to up
Press>en
Password:
Password:
Password:
*Mar 1 00:00:27.393: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
% Bad secrets
Press>en
Password:
Password:
Password:
% Bad secrets
Press>
*Mar 1 00:00:36.530: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 192.168.1.2, mask 255.255.255.0, hostname Press
Press>en
Password:
Password:
Press>sho ver
Cisco IOS Software, C1130 Software (C1130-RCVK9W8-M), Version 12.3(11)JX1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Mon 17-Jul-06 11:38 by alnguyen
ROM: Bootstrap program is C1130 boot loader
BOOTLDR: C1130 Boot Loader (C1130-BOOT-M) Version 12.3(8)JEA, RELEASE SOFTWARE (fc2)
Press uptime is 17 minutes
System returned to ROM by power-on
System image file is "flash:/c1130-rcvk9w8-mx/c1130-rcvk9w8-mx"
cisco AIR-LAP1131AG-E-K9 (PowerPCElvis) processor (revision A0) with 24566K/8192K bytes of memory.
Processor board ID FCZ1238Q0HK
PowerPCElvis CPU at 262Mhz, revision number 0x0950
Last reset from power-on
LWAPP image version 3.0.51.0
1 FastEthernet interface
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:22:55:9F:FC:A0
Part Number : 73-8962-14
PCA Assembly Number : 800-24818-13
PCA Revision Number : A0
PCB Serial Number : FOC12354426
Top Assembly Part Number : 800-29144-03
Top Assembly Serial Number : FCZ1238Q0HK
Top Revision Number : A0
Product/Model Number : AIR-LAP1131AG-E-K9
Configuration register is 0xF
Press> -
Sudo or su and root's password
A root's login prompt are simply without password prompt, I never typed root's password when I logged in as root. How to find the root's password, change it and use it with 'su' command? Visudo (Vi) has a very strange syntax for editing, I cannot edit sudoers file despite of reading man vi. Is there necessary edit sudoers file with visudo to give the user some root's privileges? Thanks a lot, I am quite an old dog to learn all quickly and wish to use Arch regularly...
# sudoers file.
# This file MUST be edited with the 'visudo' command as root.
# See the sudoers man page for the details on how to write a sudoers file.
username ALL=NOPASSWD: /usr/bin/cdrecord,/usr/bin/gcombust,/usr/bin/cdrdao,/usr/bin/eject,/bin/mount,/bin/umount,/usr/X11R6/bin/XFree86,/opt/kde/bin/k3b,/usr/sbin/fping,/usr/bin/kismet
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
gives the user "username" rights to run cdrecord, gcombust,cdrdao ... etc
This saves a lot of work when you regrade those apps which need root privileges to run.
#!/bin/sh
# Burn the image given as $1; an optional $2 sets the write speed (default 52).
DEV="/dev/burner"
if [ -n "$2" ]; then SPEED=$2 ; else SPEED=52 ; fi
time sudo cdrecord -tao dev="$DEV" speed="$SPEED" driveropts=burnfree -overburn -eject "$1"
is my script for burning as an ordinary user. I just call it burn. as in
burn /tmp/arrgh.iso -
HI,
I have prepared one script, from which user can change their own password across all the nodes he wants. But problem is script is not working because the following command is not working
echo -e "$oldPassword\n$newPassword" | passwd
I have tried to run it manually but it is showing the following error....
[testuser@xxxxxx01 ~]$ echo -e test\ntest123|passwd
Changing password for user testuser.
Changing password for testuser
(current) UNIX password: passwd: Authentication token manipulation error
[testuser@xxxxxxx01 ~]$
any idea how to resolve this , or is there any other command where user can change their own password (inside a script).
Regards,
Ani
When you change the password and are not root user, the passwd utility will ask for the current (old) password. You have specified a wrong old password, plus the utility will ask for confirmation of the new password.
<pre>
$ passwd
Changing password for user dude.
Changing password for dude.
(current) UNIX password: asdfasdf
passwd: Authentication token manipulation error
$ passwd
Changing password for user dude.
Changing password for dude.
(current) UNIX password: correct_password
New password: How_will_1_ever_remember
Retype new password: How_will_1_ever_remember
passwd: all authentication tokens updated successfully.
$ old_pwd='How_will_1_ever_remember'
$ new_pwd='My_secret_passord_1'
$ echo -e "$old_pwd\n$new_pwd\n$new_pwd" | passwd
Changing password for user dude.
Changing password for dude.
(current) UNIX password: New password: Retype new password: passwd: all authentication tokens updated successfully.
</pre>
Edited by: Dude on Sep 25, 2012 4:36 PM -
Change Mamp MYSQL password?
I use the normal command line and i get this message...help
error: 'Access denied for user 'root'@'localhost' (using password: YES)'
I was struggling with this too, the error is as follows:
/Applications/MAMP/Library/bin/mysqladmin -u root -p password <NEWPASSWORD>
In the above I was replacing the password with my password, that's wrong, copy and paste the following into terminal exactly as is, change nothing:
/Applications/MAMP/Library/bin/mysqladmin -u root -p password
now at the end, after the word "password" type your new password then press enter.
Now you will be prompted for the current password, type 'root' without the quotes.
You should be good to go!
My, and many others', interpretation of the instructions within MAMP makes you think you replace 'password' with your current password, then replace <NEWPASSWORD> with the new one, wrong.
Hope this helps!! -
junked old macbook for a new one. changed apple id password from a different mac. i want to login and it asks for name and password. no matter what i type i cant seem to login. why cant i just enter my apple id and password. or is there a way to change whatever name and password are on the new one from another mac so i can login. anything helps...thanks
Just open System Preferences>Users & Groups and unlock the preference pane with your root password.
Set the New Account to be an Administrator and fill in the rest of the data and then click "Create User".
I would suggest using this user to be YOU with admin capabilities. I wouldn't use the root user - too much damage could occur if you're not sure what you're doing. If you have files, etc., that you want to move to this account, simply put them in the Shared folder - or if you 'rescued' some old files and the like from your 'trashed' MBP, you can put them in your NEW admin account folders.
Hope I've explained myself well - call back with any questions!
Clinton -
Kadmin can't change dsimport'ed passwords in Snow Leopard Server
Hello, World.
I am attempting to manage user accounts in Open Directory from a non-Mac system. After a good deal of investigation on Leopard Server, I wound up ssh'ing to our Open Directory server to create new accounts with 'dsimport', and then to manage later changes to the account through LDAP (for non-password data) and through Kerberos with kadmin, on the theory that kadmind was supposed to propagate the encrypted plain text passwords into Password Service for all of P.S.'s hashing needs.
This worked great in Leopard Server, but under Snow Leopard Server, any attempt to change a user's password via kadmin fails with
'change_password: KDC policy rejects request while changing password for <principal name>'
At the same time, the system log (/var/log/system.log) shows
Nov 2 17:53:46 od1 sandboxd[76028]: mkpassdb(76026) deny file-read-data /usr/sbin/mkpassdb
Nov 2 17:53:46 od1 sandboxd[76028]: mkpassdb(76027) deny process-exec /usr/bin/ldapsearch
However, if I create a principal directly with kadmin, kadmin does allow me to change the password for the principal I just created.
Use modprinc to remove attributes (REQUIRESPREAUTH DISALLOW_SVR) from the dsimport'ed principals doesn't affect anything in any positive manner, though the principals I create manually in kadmin do lack these attributes.
So, does anyone know what the story is, here? Is there no supported API that I can use from a Solaris/Linux server to fully manage accounts under Open Directory?
I have a similar issue, details below. The summary is that using the Snow Leopard GUI interface I created 17 users with a generic low security password, then transferred and converted some mail files to the server. Once the mail was working properly, I changed the passwords to a slightly more secure password, and set it so my users would have to change their password to a more secure password at log in.
Even after these password changes it is very easy to get other user's ticket information, if you know the original low Security Password with
kinit <other user name>
Details and demonstration.
oursvr:krb5kdc root# kpasswd someuser
Please enter the old password for [email protected]:
Please enter the new password for [email protected]:
Verifying, please re-enter the new password for
[email protected] again:
Server error
Unknown error code: 2802413321
KDC policy rejects request Unknown error code: 2802413326
Please enter the old password for [email protected]:
oursvr:krb5kdc root# kadmin.local
Authenticating as principal root/[email protected] with password.
kadmin.local: cpw [email protected]
Enter password for principal "[email protected]":
Re-enter password for principal "[email protected]":
ambiguous user name.
change_password: KDC policy rejects request while changing password for
"[email protected]".
kadmin.local: q
oursvr:krb5kdc root# kinit someuser/admin
Please enter the password for someuser/[email protected]:
oursvr:krb5kdc root# klist
Kerberos 5 ticket cache: 'API:Initial default ccache'
Default principal: someuser/[email protected]
Valid Starting Expires Service Principal
12/21/09 12:00:53 12/21/09 22:00:53
krbtgt/[email protected]
renew until 12/28/09 12:00:53
oursvr:krb5kdc root# kadmin
Authenticating as principal someuser/[email protected] with password.
Password for someuser/[email protected]:
kadmin: cpw someuser
Enter password for principal "someuser":
Re-enter password for principal "someuser":
change_password: Unknown error code: 2529638924 while changing password
for "[email protected]".
oursvr:krb5kdc root# kdestroy
oursvr:krb5kdc root# kinit otheruser
Please enter the password for [email protected]:
oursvr:krb5kdc root# klist
Kerberos 5 ticket cache: 'API:Initial default ccache'
Default principal: [email protected]
Valid Starting Expires Service Principal
12/21/09 12:07:55 12/21/09 22:07:50
krbtgt/[email protected]
renew until 12/28/09 12:07:55
CONFIGURATION
=============
Contents of /var/db/krb5kdc/kadm5.acl:
## This file autogenerated by KDCSetup ##
*/[email protected] * *
[email protected] * *
ADDITIONAL INFORMATION
======================
(1) Using 'passwd' to change the password does not change the Kerberos
password.
(2) Using "dscl /LDAPv3/127.0.0.1 -passwd Users/someuser" does not change
the Kerberos password.
(3)
(4) From /var/log/system.log:
Dec 21 11:57:01 oursvr edu.mit.Kerberos.kadmind[79131]: ambiguous user name.
Dec 21 11:57:01 oursvr sandboxd[82190]: mkpassdb(82189) deny file-read-data
/usr/sbin/mkpassdb
(5) From /var/log/krb5kdc/kadmin.log:
Dec 21 12:02:36 oursvr.sub.dom.tld kadmind[79131](Notice): Request:
kadm5chpassprincipal, [email protected], KDC policy rejects
request, client=someuser/[email protected],
service=kadmin/[email protected], addr=VVV.WWW.YYY.ZZ
Dec 21 12:02:36 oursvr.sub.dom.tld kadmind[79131](Notice): Request:
kadm5chpassprincipal, [email protected], KDC policy rejects
request, client=someuser/[email protected],
service=kadmin/[email protected], addr=VVV.WWW.YYY.ZZ
(6) From /var/log/krb5kdc/ldc.log:
Dec 21 11:56:51 oursvr.sub.dom.tld krb5kdc[62](info): AS_REQ (7 etypes {18
17 16 23 1 3 2}) VVV.WWW.YYY.ZZ: NEEDED_PREAUTH:
[email protected] for kadmin/[email protected],
Additional pre-authentication required
Dec 21 11:56:51 oursvr.sub.dom.tld krb5kdc[62](info): AS_REQ (7 etypes {18
17 16 23 1 3 2}) VVV.WWW.YYY.ZZ: NEEDED_PREAUTH:
[email protected] for kadmin/[email protected],
Additional pre-authentication required
Dec 21 11:56:51 oursvr.sub.dom.tld krb5kdc[62](info): AS_REQ (7 etypes {18
17 16 23 1 3 2}) VVV.WWW.YYY.ZZ: ISSUE: authtime 1261414611, etypes
{rep=18 tkt=16 ses=18}, [email protected] for
kadmin/[email protected]
Dec 21 11:56:51 oursvr.sub.dom.tld krb5kdc[62](info): AS_REQ (7 etypes {18
17 16 23 1 3 2}) VVV.WWW.YYY.ZZ: ISSUE: authtime 1261414611, etypes
{rep=18 tkt=16 ses=18}, [email protected] for
kadmin/[email protected]
(7) mkpassdb -dump 0x4b2bf32f30c3d4860000001e0000001e
slot 0030: 0x4b2bf32f30c3d4860000001e0000001e someuser 12/21/2009
12:28:17 PM
Last password change: 12/21/2009 11:00:36 AM
Last login: 12/21/2009 12:28:17 PM
Failed login count: 0
Disable reason: none
Hash-only bit: 0
Last Transaction ID: 2052
Transaction requires kerberos: 1
Record is dead: 0
Record is not to be replicated: 0
Access Features:
isDisabled=0 isAdminUser=0 newPasswordRequired=0 usingHistory=0
canModifyPasswordforSelf=1 usingExpirationDate=0 usingHardExpirationDate=0
requiresAlpha=0 requiresNumeric=0 expirationDateGMT=18446744073709551615
hardExpireDateGMT=18446744073709551615 maxMinutesUntilChangePassword=0
maxMinutesUntilDisabled=0 maxMinutesOfNonUse=0 maxFailedLoginAttempts=0
minChars=0 maxChars=0 passwordCannotBeName=0 requiresMixedCase=0
requiresSymbol=0 notGuessablePattern=0 isSessionKeyAgent=0
isComputerAccount=0 adminClass=0 adminNoChangePasswords=0
adminNoSetPolicies=0 adminNoCreate=0 adminNoDelete=0 adminNoClearState=0
adminNoPromoteAdmins=0
Group(s) for Administration: unrestricted
(8) dscl /LDAPv3/127.0.0.1 -read Users/someuser | grep -A 2 authAuthority
dsAttrTypeNative:authAuthority:
-
Hacker changed root user password
I was hacked into recently and the hacker worked through root user, and now the root user password has been changed. I would like to reset it and find out what has been done to my Mac. Can it be done?
I found the answer here. http://discussions.apple.com/click.jspa?searchID=-1&messageID=680165
Sorry for the trouble. Thanks.