Managing root passwords across hundreds of systems

Similar Messages

• Changing Password across the RFC systems needed Functional Module

  Hi All,
               Could anybody pleaese tell me is there any function module to change the password across the RFC destinations.
  Marks will be given immediately.,
  J

  Have a look at the bapi's
  BAPI_EMPLOYEET_CHANGEPASSWORD.
  Type in BAPIPASSWOR to look at the complete suite.
  J

• Forgot Linux Root Password

  Hello,
  I installed RHEL 4 through a virtual machine on my computer. I created 2 users Root and System. The problem is i forgot my Root password and logging thru system and i dont have administrator rights for doing anything. can any one help get my root passsword.
  Thanks in advance,
  shushanth

  user12941025 wrote:
  Hello,
  I installed RHEL 4 through a virtual machine on my computer. I created 2 users Root and System. The problem is i forgot my Root password and logging thru system and i dont have administrator rights for doing anything. can any one help get my root passsword.
  Thanks in advance,
  shushanthAnd what this has to do with an Oracle database forum? Anyways, let google be your friend,
  http://www.google.co.in/search?q=how+to+break+root+password+in+linux&rls=com.microsoft:en-US:{referrer:source?}&ie=UTF-8&oe=UTF-8&sourceid=ie7&rlz=1I7GGLJ&redir_esc=&ei=3xy6S4zsL4Sy0gT87-zFCw&esrch=FT1
  HTH
  Aman....

• Lost root password on Ultra2

  Lost root password on Ultra2 Sun system and do not know the procedure to recover. I do not have any other accounts to login as. I do have installation media and do not know the procedure to boot it to try and recover that way. Solaris 2.5.1

  This is a procedure I wrote up to recover roots password, give it a try. Test between the brackets are the commands you enter (without brackets).
  Ritchie
  1) Place the solaris software disk into cdrom drive.
  2) Change machine state to PROM hardware level: [  init 0  ].
  You should then see an OK prompt.
  3) Boot from cdrom to single user mode: [  boot cdrom -s  ].
  Should eventually see a # prompt.
  4) Mount the disk drive as filesystem a: [  mount /dev/dsk/c0t0d0s0 /a  ].
  5) Change to the a directory: [  cd /a  ].
  Look for the etc directory by issuing an ls command: [  ls  ].
  6) Switch to the etc directory: [  cd etc  ].
  7) Set up the machine to be able to use the vi editor by defining the terminal type for the shell:
  [  TERM=vt100;export TERM  ].
  8) Edit the shadow file: [  vi shadow  ].
  a) Delete everything between the first : and the second : , which will be the encrypted password
  for root.
  b) Save the file: [  :wq!  ].
  9) Reboot the machine: [  init 0  ].
  You should be at the OK prompt again.
  10) Issue command to boot machine: [  boot  ].
  11) When CDE environment appears login as root leaving the password field blank if prompted.
  12) Establish a terminal session using "this host"
  13) Issue command to change the password: [  passwd  ]. Confirm new password.
  Now root will have the new password the next time you login.

• Manage ILOM password from terminal

  Hi,
  I have T5240/M9000 servers running Solaris 10.
  I want to manage root password from terminal only using scadm command.
  Can somebody help me on this? Which package do I need to install and what all configuration need to be done?
  Thanks,
  Prashant

  For the M9000, please read this document : http://docs.oracle.com/cd/E19415-01/E25381/E25381.pdf
  For the T5240, read also this document : http://docs.oracle.com/cd/E19860-01/E21445/E21445.pdf

• Root password fails on auth to Solaris Management Console Server

  I've setup Solaris 10 x86 on a VA linux 1220 server, all is good so far except when I try to create additional users. I am logged in as root, and the root password logs in to the CDE, but fails on authentication to Solaris Management Console Server when I try to use any of the management apps like computers and networks or Users. So I'm stalled at the point where I should be configuring the system. I have been very careful about typing in the password exactly as I use it in the login screen, but it never works in the System Management tools for This Computer. The password I'm using is 26 characters long, is it too long? Or is there a step I'm missing?
  Thanks,
  Brian

  One of my famous guesses, but unless you changed the default password algorithm the maximum length of your password is 8 characters, when logging in on the console or desktop, anything typed after those eight characters will be ignored (unless this behaviour changed very recently).
  Its possibly that SMC, and its server component WBEM does not ignore the extra characters, which could cause this behavior.
  What happens if you try and login to SMC with the root user and only the first eight characters of your password?
  Btw, if this was the problem i think there is a way to change the default crypto algorithm to something that supports more characters.
  .7/M.

• Can I remove all but the last "Mac OS X Server certificate management" application password from my System Keychain?

  I am slowly nursing a broken Montain Lion Server back to health. The problems started with a name change days ago then went sour, probably because of some stuff in the keychain that tripped the commands up.
  I have now a trusted Root CA in my System Keychain which has signed my wildcard Certificate for my domain and all my services are protected by this wildcard certificate. Creating and installing that certificate helped me back (slowly) but there are still problems to solve
  I also have set the com.apple.servermgrd identity preference to this (now trusted) wildcard certificate a few minutes ago
  I am busy cleaning as much as possibe of junk from my Keychains to improve stability, of course without damaging things (I hope)
  There are 19 "Mac OS X Server certificate management" application passwords in my System Keychain.
  12 are from 9 days ago when I installed this clean OS X Mountain Lion Server for the first time, created within a minute during server install.
  1 from 6 minutes later, maybe when I turned on a Service
  2 are from that day, but 2 and 3 hours later (also probably because of something I did in Server.app, like enabling a service)
  1 from 2 days later (probably when I tried to change the server name/domain)
  1 from again 5 days later (probably when I tried to change the server name/domain again)
  1 from yesterday, when I changed the servername
  1 from today, when I changed the server name again.
  What are these application passwords for and can I safely remove all but the last one? What are they for?

  I went ahead and remove them a month ago. So far, there don't seem to be any issues. As long as you double-triple-check that the hash-number in those "Mac OS X Server certificate management" keychains _aren't_ in the filename of any of the *.pem files in the /etc/certificates folder, you can delete those orphan keychains.

• How to Delete and Reset a Lost Root Password on a System With a Mirrored ??

  hi All,
  we are experiencing problem,lost root password on Solaris 10 Sparc T5120, with mirror root,
  and we found the solution from Metalink.oracle.com, has anyone have try this??
  here list capture the file system :
  Filesystem size used avail capacity Mounted on
  */dev/md/dsk/d10 2.0G 349M 1.6G 18% /*
  */dev/md/dsk/d40 9.8G 563M 9.2G 6% /usr*
  */dev/md/dsk/d30 9.8G 1.4G 8.4G 15% /var*
  */dev/md/dsk/d50 7.9G 310M 7.5G 4% /opt*
  */dev/md/dsk/d600 3.8G 4.3M 3.8G 1% /home*
  */dev/md/dsk/d602 471M 20M 404M 5% /app/controlm*
  */dev/md/dsk/d601 471M 251M 173M 60% /app/ctsa*
  */dev/md/dsk/d604 4.9G 1.1G 3.8G 23% /app/oramon*
  */dev/md/dsk/d603 20G 11G 8.2G 58% /app/oracle*
  */dev/md/dsk/d606 39G 10.0G 29G 26% /proj/iprdb01/orafra/iprod01p*
  here the step :
  Solstice DiskSuite[TM] Software: How to Delete and Reset a Lost Root Password on a System With a Mirrored Root Disk [ID 1010755.1]
  Solution
  Steps to Follow
  How to delete and reset a lost root password on a system with a mirrored root disk.
  1) Insert the Solaris[TM] Operating System CD-ROM into the CD-ROM drive.
  2) Once the CD-ROM is in the drive, perform a stop-a. This brings the system down to the "ok" prompt.
  3) From the "ok" prompt, perform a single-user boot from the Solaris OS CD-ROM.
  ok boot cdrom -s4) At the "#" prompt, determine which disk is the system's boot disk (containing the root file system). There are several Oracle architectures and various configurations of systems when it concerns a boot disk. As a general rule, most boot disks are attached to controller 0 (c0). Usually, their SCSI target is
  either 3 (t3) or 0 (t0). However, Oracle machines are very flexible, and the boot disk could be at a different location. If you are not sure which disk is your boot disk, perform the following steps to determine the location of the boot device:
  a) # eeprom boot-device
  The output might appear to be simple, such as "disk" or "disk1" or more complicated, such as a pathname "/iommu/sbus/espdma@4,8400000/...../sd@3,0:a".
  b) Make note of the boot-device. If the boot-device is a pathname, it is beyond the scope of this information to provide the location of the customized boot disk. However, for most configurations,
  finding the customized boot disk is an easy task. The "Format" command shows all available disks:
  #format
  Searching for disks...done
  AVAILABLE DISK SELECTIONS:
  (enter its number): c) Enter d to exit format.
  Now, you will have an idea what disks are on the system. Therefore, if the boot-device is "disk" and format shows "c0t0d0" (on some systems "c0t3d0") then that is the boot device. If boot-device
  shows "disk1" and format shows "c0t1d0," then that is the boot device. If format shows multiple disks, then based on what the "eeprom boot-device" command shows, the system's boot disk would be:
  boot-device format
  disk c0t0d0 or c0t3d0 (machine dependent)
  disk1 c1t0d0
  disk2 c0t2d0
  disk3 c0t3d0 or c0t0d0 (machine dependent)
  and so on ....
  5) Because the system was not brought down gracefully (no root password means having to use the Stop-a keystroke to "crash" the system), you need to run "fsck" to clean the root partition (slice). The fsckalso confirms that you selected the proper slice.
  # fsck /dev/rdsk/c1t0d0s0
  where the X and Y are determined by the previous procedure. It is also possible to have a root partition which is not on slice 0 (s0), but, again, that is not a standard configuration.
  The output of "fsck" looks like this:
  ** /dev/rdsk/c1t0d0s0
  ** last mounted on /
  ** Phase 1 .....
  The second line in the output of "fsck" ("** Last mounted on /") confirms that this is the correct root filesystem partition. Answer "y" to any questions fsck asks. There shouldn't be too many items
  needing repair. If there are, there is a possibility of a corrupted root filesystem. After fsck is finished, mount the root partition:
  # mount /dev/dsk/c1t0d0s0 /a
  Again, X and Y are the same as for the fsck command.
  For example:
  # mount /dev/dsk/c1t0d0s0 /a
  6) From the root prompt, set the proper TERM type command (such as vt100, dtterm, sun, and so on)
  by entering this command:
  # TERM=sun; export TERM
  7) Use the VI text editor to edit the /etc/shadow file:
  # vi /a/etc/shadow
  8) The first line of the /etc/shadow file is the one you want to modify.
  It looks like this:
  root:c3.yAVmYodWsc:6445::::::
  9) Delete every character between the first and second colons in the first line of the file. When you finish deleting the characters, the line should look like this:
  root::6445::::::
  10) Press the Escape key, then enter the following to save the file and exit vi:
  :wq!
  11) Use the VI text editor to edit the /etc/system file andremove the "rootdev" line shown below:
  # vi /a/etc/system
  *rootdev:/pseudo/md@0:0,0,blk
  Don't comment out the "rootdev" line. Actually remove it.
  12) In the /a/etc/vfstab file, replace the lines for the system filesystem meta-devices with their underlying partitions. For example, change lines from
  /dev/md/dsk/d0 /dev/md/rdsk/d0 / ufs 1 no -
  to
  /dev/dsk/c1t0d0s0 /dev/rdsk/c1t0d0s0 / ufs 1 no -
  ONLY change the lines for root (/) and the filesystems that were affected by the actions you took in step 1 of this procedure. All other metadevices may stay as is in this file.
  13) Unmount root, check the root filesystem, and then stop the system:
  # cd /
  # umount /a
  # fsck /dev/rdsk/c1t0d0s0
  # stop-a
  14) Boot to single-user mode:
  ok boot -swTHIS STEP IS VERY IMPORTANT; YOU MUST BOOT TO SINGLE-USER MODE TO AVOID FILESYSTEM CORRUPTION.
  If the system does not boot to single user mode, you might have made a mistake in the previous steps.
  15) Because the root password was cleared in an earlier step, press Return when prompted for the the root password. Once you are in single-user mode, you must clear the metamirrors and all the sub-mirrors for the root filesystem. For example, if root (/) is d0, run the following command:
  # metaclear -f -r d0
  Running the metaclear command not only clears the metamirror but also clears the submirrors that are part of this mirror.
  16) When the metamirror is cleared, continue the boot up to multiuser mode by either pressing CTRL-D or by entering the following:
  # exit
  Now everything should be as it was, except that the system partition is on the underlying partition and isn't mirrored. You will simply need to re-create the metadevices for the root mirror as you had originally.
  many thanks

  Hi,
  Halt your machine.
  Boot with fail-safe mode.
  format and list out the disks. (You can get the root & mirror disk (c#t#d#) details from /etc/lvm/md.tab of your root or mirror disk. Earlier explorer output may help)
  Mount the root disk and remove the password entry in /etc/shadow
  umount it.
  Mount the mirror disk and remove the password entry in /etc/shadow
  umount it.
  reboot the server.
  Hope this helps!

• Solaris root password & installer

  I have installed oracle solaris 11 exp, but :
  I have difficulties finding root password, have tried solaris & my user password but it's not going,
  during the installation I have used solaris passwrd for the partition manager and it worked, but no later,
  I also would like to ERASE ALL PASSWORDS of the system, ... give password, give password, give password, it gives you a headache,
  and by the way, do I have to buy an application installer or I have with the package?
  thank in advance,
  max.

  root is a role by default in Solaris 11, so i don't think it actually have a password, or am i wrong here? You can set a password by running pfexec passwd rood from the user who you created as an administrative user..
  .7/M.

• Linux installing applications requires root password.

  Can anyone explain to me why it is that on Linux, Air
  requires a root password to install an application even if the
  installation directory is specified as somewhere within my own home
  directory?
  That it asks for a root password under such circumstances
  seems very wrong. The application files are being written to my
  home directory, I don't need to be root to write there and I do not
  want files being created in my home directory with root as the
  owner, as Air does when it installs an application.
  Asking for the root password also means that users who have a
  Linux machine that is administered for them by someone else and do
  not have root are unable to install Air applications themselves
  even if the administrator has installed Air on their
  machine.

  First of all, on behalf of myself (and anyone else who has
  been wondering about this particular detail of Adobe AIR) let me
  thank you for your helpful reply. This does still leave me with a
  couple of questions, however...
  quote:
  Originally posted by:
  Ashutosh Sharma
  AIR applications are similar to regular native applications -
  they install as native rpm/deb packages. This requires access to
  the rpm/deb system database (e.g. rpm database lock). And this is
  required even if the installation folder is chosen to be one that
  is owned by the current non-root user. In addition, with root
  privileges, it's also possible to install applications to a
  location that is accessible to other users on the system.
  I have confirmed for myself the accuracy of this information
  and I thank you for pointing it out. While this does make some
  sense on the surface, it does leave me wondering something about
  the security level of this install process. When I install
  applications from my Linux distribution's package sources, I have
  GPG (or PGP) cryptographic key signatures ensuring that all the
  packages are un-altered from their original form on the
  distribution's package servers, and a team of programmers assuring
  me that the code of these packages are (at least somewhat) safe as
  far as they are able to tell. I am thus far unable to find
  information leading me to believe that there is similar assurance
  that I am not willingly installing unknown malware (keystroke
  logger, spyware, etc.) disguised as a desktop widget (for example)
  when installing Adobe AIR applications. As a code savvy user, I can
  personally download and examine the code of many AIR apps to ensure
  their safety myself before installing, but what about users who
  understand code as well as they understand Martian language or
  ancient Egyptian hieroglyphs? Is there any assurance process in
  place for the average user similar to that of native distro
  packages? If so, can anyone point me to where that is discussed on
  the Adobe pages?
  Also, as an aside note; root privileges are not technically
  REQUIRED in order to install an RPM package in a location which the
  user already has write access to, as I personally have on many
  occasions installed source code packages (SRPM) from my
  distribution's package manager in my home folder while logged in as
  a normal user (without the use of 'su' or 'sudo' or such) for the
  purpose of building newer versions of the RPM packages which they
  correspond to.
  quote:
  Originally posted by:
  Ashutosh Sharma
  However, do note that when they are launched, AIR
  applications run with the privileges of the user launching the
  application and not root. The primary executables of AIR
  applications (under the bin/ folder in the installation path) do
  not have the setuid bit set. You should not be worried about AIR
  applications running with root privileges, based on the fact that
  their installation required superuser access - the two are
  completely independent.
  This does still go back to the original point about the
  security of the code itself which is being installed in the first
  place. What quality assurance process is in place (beyond the star
  ratings system on the application showcase site) to ensure that
  malware was not installed (as root) and then happily being run by
  all the users of a system while blissfully unaware of the capture
  of their passwords or other personal information? (Again, an
  example, and not the only such possible worry.) If such an
  assurance system
  is already in place, where can I (and other AIR users) read
  more about it?
  The reasons for this concern should be obvious when one
  considers that a malicious application does not necessarily need to
  be run as root to still do a great deal of damage on a system and a
  sufficiently sneaky malware application could possibly even
  obtain root privileges once installed on a system through
  some other privilege escalation exploit. As an administrator of
  multiple systems and networks, I have to be cautious about which
  applications I allow on to a system or network for this very
  reason.
  Please be aware that I am not making these points and asking
  these questions to be a "troublemaker" or to shoot down the
  achievements of the AIR team, or Adobe. To the contrary, I am very
  impressed by the technology that I've seen so far and would
  very much like to see AIR become and stay a genuinely useful
  part of the web ecosystem on all platforms. As a matter of fact,
  I'm personally reading a few different resources currently about
  how to develop AIR applications in anticipation of satisfactory
  answers to my few remaining concerns about AIR security worries. ;)
  P.S.: If this forum was the wrong place to be discussing
  these specific types of issues and concerns, please feel free to
  point me toward a better place where such things should be better
  covered and where like-minded individuals and groups might either
  continue the discussion or resolve / close this concern entirely.
  An IRC channel where AIR devs hang out maybe, or perhaps another
  Adobe forum where security concerns are discussed, etc.? :)
  Anyhow, sorry about the long rambling post. Thank you to
  Ashutosh Sharma for your initial reply to this thread, and thank
  you in advance to whoever may reply further and bring final
  resolution to any remaining worries I and others may have regarding
  these and similar potential security concerns. :)

• Cisco Callmanager 5.2 Version root password

  Hello All,
  I have a CCM 5.2 version, linux box. By mistake I unplugded the system power cable. Now when I restarted the system it is giving an error. One of the disks needs to do an fsck. For continuing this step I need the root password which I do not have. 
  Please help me to recitify this problem.
  Thanks in advance
  George

  Dear Jaime,
  Thank you so much for the reply. I had an old image of the system and I restored the same. Now it is working fine.
  I found another link for rectifying the problem
  http://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unified-communications-manager-version-50/111822-boot-error-00.html
  Thanks
  George

• Reset lost root password and now have read only filesystem

  Hello,
  I have recently had to reset a locked root password by booting from cdrom, mounting the first boot disk, editing the shadow file to remove root's password and rebooting the system.
  The system has booted OK but, I now have a read only filesystem - everything in / cannot be edited, passwd doesnt work etc.
  df -k shows the root (/) filesystem has been mounted on the physical disk I edited:
  Filesystem kbytes used avail capacity Mounted on
  /pci@83,4000/FJSV,ulsa@2,1/disk@0,0:a 10085836 185862 9799116 2% /
  but in the vfstab it still references the disksuite metadevice:
  #device device mount FS fsck mount mount
  #to mount to fsck point type pass at boot options
  /dev/md/dsk/d30 /dev/md/rdsk/d30 / ufs 1 no -
  So, can I simply boot from CDROM again, amend the vfstab to be /dev/dsk/c0t0d0s0 (instead of /dev/md/dsk/d03) and reboot?
  Any help with this is appreciated!
  Thanks,
  Emma

  df -k should have shown root mounted on md0
  e.g. on my machine
  # df -k
  Filesystem kbytes used avail capacity Mounted on
  /dev/md/dsk/d0 8260691 4366317 3811768 54% /
  what does /etc/system show for rootdev?
  # grep rootdev /etc/system
  * rootdev: Set the root device. This should be a fully
  * rootdev:/sbus@1,f8000000/esp@0,800000/sd@3,0:a
  rootdev:/pseudo/md@0:0,0,blk
  Remember if this is a mirrored drive, when you boot from CD you may need to mount both sides of the mirror and make changes on both sides- otherwise the replication may not goes as expected.
  Actually, I have run into problems with the modifying one side of a mirror this way. In the past Sun tech support would recommend that I break the mirror and then rebuild it once the system is up and running. So in your case you may want to boot from CD, mount the 1st disk slice, edit /etc/vfstab AND /etc/system, boot into the OS and use the various meta commands to delete and rebuild the mirror- or at least maybe to drop and reattach the 2nd 1/2 of the mirror.

• Tivoli Access Manager 6.0 with Sun Java System Directory 6.3

  Hi,
  We have been using Tivoli Access Manager 6.0 with Sun Java System Directory 6.3 .
  Using IBM TAM Java API we can administer the user creation but the API provide support only to create user with required attribute as user name, password, description, setAccoutntvalid etc.
  But Sun Java System Directory 6.3 contains the many attributes as just to name a few...
  First Name (givenname), User ID (uid),Password (userPassword), Confirm Password
  E-mail (mail), Telephone Number (telephoneNumber), Country (c),Fax Number (facsimileTelephoneNumber), Locality (l), Organization (o), Organizational Unit (ou), accessHint, accountHint, departmentNumber, description, destinationIndicator, displayName, employeeNumber ETC...
  Now My Issue is if we need to add the values for other attributes as "accessHint" , "employeeNumber" etc, then how can we acheive using IBM TAM Java API or is there any other way.
  Thanks for your kind help...

  Looks like the attribute sunIdentityServerDiscoEntries is defined twice in the schema. Run the following and see where it is defined for the second time.
  # cd /var/opt/SUNWdsee/dsins1/config/schema
  # grep -w sunIdentityServerDiscoEntries *.ldif | grep -iv objectclasses
  Edited by: etst123 on Mar 3, 2009 1:28 PM

• I need to change values in a file owned by root (root password is constant)

  The file is parameter file has below contents. The file is owned by root. My script is run by normal user and root password is constant and we can hardcode it.
  ABCLimit: 90
  SpoolLimit: 200
  TimeLimit: 345
  I need to change the value of SpooLimit from 200 to 400.
  Can anybody please give code for this?

  Your application needs to be running as root, or the user that started the application needs to have root level permissions for at least specific funtions (i.e. /etc/group, RBAC, sudo, etc).
  Java cannot change the users permission level in anyway that the user cannot already do himself.
  If you wish to find out how to use the /etc/group file, RBAC, sudo, etc, find your local System Administrator and explain your intentions to him/her (yeah, now that's a conversation I want to hear).

• HT201240 how can I find the su - root password on my mac?

  how can I find the su - root password on my mac?

  Chances are you could have also done
  sudo su -
  which would now make you 'root' until you exit.  You could do all your setup running as root.
  Very few if anything actually needs the root password to use root privileges, and having a system where root cannot be directly logged into, is a safer system.