Completely locked out of OpenVMS 8.4 system
-
Topic author - Contributor
- Posts: 15
- Joined: Mon Apr 24, 2023 1:42 pm
- Reputation: 0
- Status: Offline
Completely locked out of OpenVMS 8.4 system
Hi,
I fired up my Itanium box after about a year of it collecting dust and unfortunately I had forgotten the system password. I tried every password I usually use and after about 35 tries I gave up and decided to just reset the password. I followed the instructions I found online and successfully reset the password but I still can't log in. I tried creating a new account with adduser.com and I can't log in with that account either.
Is this because I used the wrong password so many times? Did I enable some sort of break-in defense that needs to be disabled?
This is what I did to reset the password
fs0:\efi\vms\vms_loader.efi -flags 0,1
SET/STARTUP OPA0:
SET WINDOW_SYSTEM 0
SET WRITESYSPARAMS 0
CONTINUE
spawn @SYS$SYSTEM:STARTUP
SET DEFAULT SYS$SYSTEM:
RUN SYS$SYSTEM:AUTHORIZE
MODIFY SYSTEM /PASSWORD=newsystempassword
quit
I fired up my Itanium box after about a year of it collecting dust and unfortunately I had forgotten the system password. I tried every password I usually use and after about 35 tries I gave up and decided to just reset the password. I followed the instructions I found online and successfully reset the password but I still can't log in. I tried creating a new account with adduser.com and I can't log in with that account either.
Is this because I used the wrong password so many times? Did I enable some sort of break-in defense that needs to be disabled?
This is what I did to reset the password
fs0:\efi\vms\vms_loader.efi -flags 0,1
SET/STARTUP OPA0:
SET WINDOW_SYSTEM 0
SET WRITESYSPARAMS 0
CONTINUE
spawn @SYS$SYSTEM:STARTUP
SET DEFAULT SYS$SYSTEM:
RUN SYS$SYSTEM:AUTHORIZE
MODIFY SYSTEM /PASSWORD=newsystempassword
quit
-
- Master
- Posts: 201
- Joined: Fri Aug 14, 2020 11:31 am
- Reputation: 0
- Status: Offline
Re: Completely locked out of OpenVMS 8.4 system
Try $ SHOW INTRUSION
and if there is an intrusion record, you could probably remove it with
$ DELETE/INTRUSION ...
Volker.
and if there is an intrusion record, you could probably remove it with
$ DELETE/INTRUSION ...
Volker.
Re: Completely locked out of OpenVMS 8.4 system
Code: Select all
> [...] I had forgotten the system password. [...]
3M sells a product which, used properly, can help with that:
https://www.post-it.com/
> [...] I still can't log in. [...]
A detailed description of what you did, and what happened when you
did it, is usually more helpful than a vague description of what you
"can't" do.
Are you doing all this stuff at some kind of serial console terminal,
or what, exactly?
> MODIFY SYSTEM /PASSWORD=newsystempassword
Possibly helpful: Add /NOPWDEXPIRED to that command. As the
AUTHORIZE HELP says:
When you modify a password, the new password expires
automatically; it is valid only once (unless you specify
/NOPWDEXPIRED). On login, the user is forced to change the
password (unless you specify /FLAGS=DISFORCE_PWD_CHANGE).
> Try $ SHOW INTRUSION [...]
Sounds good to me.
-
Topic author - Contributor
- Posts: 15
- Joined: Mon Apr 24, 2023 1:42 pm
- Reputation: 0
- Status: Offline
Re: Completely locked out of OpenVMS 8.4 system
Welcome to VMS Software, Inc. OpenVMS (TM) IA64 Operating System, V8.4-2L3
Username: system
Password:
User authorization failure
Added in 4 minutes 16 seconds:
$ SHOW INTRUSION
%SHOW-F-NOINTRUDERS, no intrusion records match specification
Username: system
Password:
User authorization failure
Added in 4 minutes 16 seconds:
Doesn't look like there are any...volkerhalle wrote: ↑Sat Feb 17, 2024 2:10 pmTry $ SHOW INTRUSION
and if there is an intrusion record, you could probably remove it with
$ DELETE/INTRUSION ...
Volker.
$ SHOW INTRUSION
%SHOW-F-NOINTRUDERS, no intrusion records match specification
Re: Completely locked out of OpenVMS 8.4 system
Code: Select all
> Doesn't look like there are any...
And the right/new password still fails? For all users?
Hmmm. I may be out of clever ideas, but...
> spawn @SYS$SYSTEM:STARTUP
I believe that that was supposed to be two commands. The idea behind
the SPAWN was that if you then made some fatal error, you'd be kicked
out of the (newly created) subprocess, not the whole job.
The only other thing I've thought of was that you might be working
with the wrong SYSUAF.DAT. I wouldn't expect this, but if you normally
define the logical name SYSUAF to point to someplace other than the
default location (SYS$SYSTEM:SYSUAF.DAT), then your interactive
AUTHORIZE would be modifying the wrong one.
> fs0:\efi\vms\vms_loader.efi -flags 0,1
You have only one disk, and/or fs0: is the right one?
Check the date+times of SYSUAF.DAT? (DIRE /FULL whatever)
Try the whole procedure one more time?
-
- Master
- Posts: 201
- Joined: Fri Aug 14, 2020 11:31 am
- Reputation: 0
- Status: Offline
Re: Completely locked out of OpenVMS 8.4 system
How - exactly - do you connect to the console ?
If using some kind of terminal emulator, check whether it might be set to send <CR><LF> when typing <RETURN>
This has caused similar problems for some people during installations of VSI OpenVMS x86-64, when trying to set the system password during installation.
Volker.
If using some kind of terminal emulator, check whether it might be set to send <CR><LF> when typing <RETURN>
This has caused similar problems for some people during installations of VSI OpenVMS x86-64, when trying to set the system password during installation.
Volker.
-
Topic author - Contributor
- Posts: 15
- Joined: Mon Apr 24, 2023 1:42 pm
- Reputation: 0
- Status: Offline
Re: Completely locked out of OpenVMS 8.4 system
I'm using Teraterm, I think when I installed the system I used Putty. Maybe that's my issue...
-
- Master
- Posts: 104
- Joined: Fri Jun 14, 2019 11:05 pm
- Reputation: 0
- Location: Goslar, Germany
- Status: Offline
- Contact:
Re: Completely locked out of OpenVMS 8.4 system
A command sequence that will always work: instead of "SET DEFAULT SYS$SYSTEM:" usesms wrote: ↑Sat Feb 17, 2024 4:11 pmThe only other thing I've thought of was that you might be working
with the wrong SYSUAF.DAT. I wouldn't expect this, but if you normally
define the logical name SYSUAF to point to someplace other than the
default location (SYS$SYSTEM:SYSUAF.DAT), then your interactive
AUTHORIZE would be modifying the wrong one.
Code: Select all
$ DEFINE/USER SYSUAF 'F$PARSE("SYSUAF", "SYS$SYSTEM:.DAT")
HTH,
Martin
Last edited by martinv on Mon Feb 19, 2024 2:00 am, edited 1 time in total.
There is something wrong with everything that is popular.
(Charles Fort)
(Charles Fort)
-
Topic author - Contributor
- Posts: 15
- Joined: Mon Apr 24, 2023 1:42 pm
- Reputation: 0
- Status: Offline
Re: Completely locked out of OpenVMS 8.4 system
I confirmed I'm booting from the right disk and I tried $ DEFINE/USER SYSUAF 'F$PARSE("SYSUAF", "SYS$SYSTEM:.DAT"), I still can't log in.
UAF> show system
Username: SYSTEM Owner: SYSTEM MANAGER
Account: SYSTEM UIC: [1,4] ([SYSTEM])
CLI: DCL Tables: DCLTABLES
Default: SYS$SYSROOT:[SYSMGR]
LGICMD:
Flags:
Primary days: Mon Tue Wed Thu Fri
Secondary days: Sat Sun
No access restrictions
Expiration: (none) Pwdminimum: 15 Login Fails: 55
Pwdlifetime: 30 00:00 Pwdchange: (pre-expired)
Last Login: 3-FEB-2023 06:54 (interactive), 16-SEP-2022 09:19 (non-interactive)
Maxjobs: 0 Fillm: 200 Bytlm: 256000
Maxacctjobs: 0 Shrfillm: 0 Pbytlm: 0
Maxdetach: 0 BIOlm: 150 JTquota: 4096
Prclm: 10 DIOlm: 150 WSdef: 4096
Prio: 4 ASTlm: 300 WSquo: 8192
Queprio: 0 TQElm: 100 WSextent: 16384
CPU: (none) Enqlm: 4000 Pgflquo: 700000
Authorized Privileges:
ACNT ALLSPOOL ALTPRI AUDIT BUGCHK BYPASS
CMEXEC CMKRNL DIAGNOSE DOWNGRADE EXQUOTA GROUP
GRPNAM GRPPRV IMPERSONATE IMPORT LOG_IO MOUNT
NETMBX OPER PFNMAP PHY_IO PRMCEB PRMGBL
PRMMBX PSWAPM READALL SECURITY SETPRV SHARE
SHMEM SYSGBL SYSLCK SYSNAM SYSPRV TMPMBX
UPGRADE VOLPRO WORLD
Default Privileges:
ACNT ALLSPOOL ALTPRI AUDIT BUGCHK BYPASS
CMEXEC CMKRNL DIAGNOSE DOWNGRADE EXQUOTA GROUP
GRPNAM GRPPRV IMPERSONATE IMPORT LOG_IO MOUNT
NETMBX OPER PFNMAP PHY_IO PRMCEB PRMGBL
PRMMBX PSWAPM READALL SECURITY SETPRV SHARE
SHMEM SYSGBL SYSLCK SYSNAM SYSPRV TMPMBX
UPGRADE VOLPRO WORLD
Identifier Value Attributes
NET$MANAGE %X91F50002
UAF> show system
Username: SYSTEM Owner: SYSTEM MANAGER
Account: SYSTEM UIC: [1,4] ([SYSTEM])
CLI: DCL Tables: DCLTABLES
Default: SYS$SYSROOT:[SYSMGR]
LGICMD:
Flags:
Primary days: Mon Tue Wed Thu Fri
Secondary days: Sat Sun
No access restrictions
Expiration: (none) Pwdminimum: 15 Login Fails: 55
Pwdlifetime: 30 00:00 Pwdchange: (pre-expired)
Last Login: 3-FEB-2023 06:54 (interactive), 16-SEP-2022 09:19 (non-interactive)
Maxjobs: 0 Fillm: 200 Bytlm: 256000
Maxacctjobs: 0 Shrfillm: 0 Pbytlm: 0
Maxdetach: 0 BIOlm: 150 JTquota: 4096
Prclm: 10 DIOlm: 150 WSdef: 4096
Prio: 4 ASTlm: 300 WSquo: 8192
Queprio: 0 TQElm: 100 WSextent: 16384
CPU: (none) Enqlm: 4000 Pgflquo: 700000
Authorized Privileges:
ACNT ALLSPOOL ALTPRI AUDIT BUGCHK BYPASS
CMEXEC CMKRNL DIAGNOSE DOWNGRADE EXQUOTA GROUP
GRPNAM GRPPRV IMPERSONATE IMPORT LOG_IO MOUNT
NETMBX OPER PFNMAP PHY_IO PRMCEB PRMGBL
PRMMBX PSWAPM READALL SECURITY SETPRV SHARE
SHMEM SYSGBL SYSLCK SYSNAM SYSPRV TMPMBX
UPGRADE VOLPRO WORLD
Default Privileges:
ACNT ALLSPOOL ALTPRI AUDIT BUGCHK BYPASS
CMEXEC CMKRNL DIAGNOSE DOWNGRADE EXQUOTA GROUP
GRPNAM GRPPRV IMPERSONATE IMPORT LOG_IO MOUNT
NETMBX OPER PFNMAP PHY_IO PRMCEB PRMGBL
PRMMBX PSWAPM READALL SECURITY SETPRV SHARE
SHMEM SYSGBL SYSLCK SYSNAM SYSPRV TMPMBX
UPGRADE VOLPRO WORLD
Identifier Value Attributes
NET$MANAGE %X91F50002
Re: Completely locked out of OpenVMS 8.4 system
Code: Select all
> A command sequence that will always work: [...]
For some values of "always"?
> [...] Pwdminimum: 15 [...]
Just for the convenience of less typing, I'd set that lower, at least
until the real problem is solved.
> [...] Pwdchange: (pre-expired)
I've already suggested changing that when setting the new password.
> I'm using Teraterm, I think when I installed the system I used Putty.
> Maybe that's my issue...
Did you run that experiment?
> Are you doing all this stuff at some kind of serial console terminal,
> or what, exactly?
Still wondering.