Guest wlaote Posted March 12, 2005 Report Share Posted March 12, 2005 Hello! I hope you can help me quickly, it is some kind of emergency. I'm running Mandrake 10 as a file server without GUI and with security setting "highest", one below paranoid. It was running for months, but now i wanted to shut it down for hardware maintenance and was not able to log in. :( Password expiration has trapped another one. I would love to change the password expiration like it was written in a recent thread, but without login.. On security setting "highest" direct root login is not allowed, you have to login as a user first and then do a "su", but the users password is expired. If I log in with the old password some lines flash over the monitor which couldn't be read because the login prompt is immediatly there again, but it surely says "password expired". The server has webmin installed, but neither root nor user can login via web-browser. I know the server is not compromised, it only runs in a local LAN, me the only one with access. What should I do? Do I really have to hard reset it and boot from a rescue media? How do I do this? Thanks a lot! Quote Link to comment Share on other sites More sharing options...
Guest wlaote Posted March 12, 2005 Report Share Posted March 12, 2005 Oh, and just to make this clear: When I login as user with the old password, there is no "please change password now because it expired"-type prompt, it just jumps back to the login. Quote Link to comment Share on other sites More sharing options...
scarecrow Posted March 13, 2005 Report Share Posted March 13, 2005 Does it allow you login at single user mode when you boot, or failsafe mode, so you can change the password? Quote Link to comment Share on other sites More sharing options...
Guest wlaote Posted March 14, 2005 Report Share Posted March 14, 2005 Yes, it allowed me to login with root after booting in failsafe mode/single user mode, even though the password was "expired". From there I first changed the password with "passwd" (playing it safe) and the expiration limit for the user and root with "chage". Problem solved. To recapitulate: If you install Mandrake 10 with security setting paranoid and highest (and high?) and doesn't touch the machine for a period of time (I think 60 days was the limit) you have to hard-reset it because its locked. You are not able to login anymore. This seems to happen only with the Mandrake distribution, which in my eyes is a SERIOUS flaw and a knock-out argument against Mandrake on a server. An administrator is punished by Mandrake and their policy on this for having a good (secure) system which doesn't need regular logins to fix things. Does this really add much to the security of the system? I don't think so. Is this fixed in 10.1? If not, Mandrake FIX IT! Thanks. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.