SUMMARY:Forgot root passwd

From: P Sharma <psharmaus_at_yahoo.com>
Date: Mon Dec 17 2001 - 13:17:23 EST
Hi Unix Gurus,
I thank all for the help.

I've forgotten the root password; how can I recover? 
You need to have access to the machine's console. 

1. Note the root partition (e.g. /dev/sd0a or
/dev/dsk/c0t3d0s0) 
2. Hit STOP-A or L1-A (or, on an ASCII terminal or
emulator, send a 
) to halt the operating system, if it's running. 
3. Boot single-user from CD-ROM (boot cdrom -s) or
network 
install/jumpstart server (boot net -s) (NB: if it asks
you for a prom 
password, see below.) 
4. Mount the root partition (e.g. /dev/dsk/c0t3d0s0)
on "/a". "/a" is 
an empty mount point that exists at this stage of the
installation 
procedure. (mount /dev/dsk/c0t3d0s0 /a) 
5. Set your terminal type so you can use a full-screen
editor, e.g. vi. 
(you can skip this step if you know how to use "ex" or
"vi" from open 
mode). If you're on a sun console, type "TERM=sun;
export TERM"; if 
you're using an ascii terminal (or terminal emulator
on a PC) for your 
console, set TERM to the terminal type (e.g.
TERM=vt100; export TERM). 
6. Edit the passwd file (/a/etc/passwd for SunOS 4.x, 
/a/etc/passwd.adjunct 
for SunOS 4.x with shadow passwords/C2 security),
/a/etc/shadow for 
Solaris 2.x and remove the encrypted password entry
for root 
7. cd to /; Type "umount /a" 
8. reboot as normal in single-user mode ("boot -s").
The root account 
will 
not have a password. Give it a new one using the
passwd command. 

Thanks to Stefan Voss 

PROM passwords: 

Naturally, you may not want anyone with physical
access to the machine 
to 
be able to do the above to erase the root password.
Suns have a 
security 
password mechanism in the PROM which can be set (this
is turned off by 
default). The man page for the eeprom command
describes this feature. 

If security-mode is set to "command", the machine only
be booted 
without 
the prom password from the default device (i.e.
booting from CD-ROM or 
install server will require the prom password).
Changing the root 
password 
in this case requires moving the default device (e.g.
the boot disk) to 
a 
different SCSI target (or equivalent), and replacing
it with a 
similarly 
bootable device for which the root password is known.
If security-mode 
is 
set to full, the machine cannot be booted without the
prom password, 
even 
from the default device; defeating this requires
replacing the NVRAM on 
the 
motherboard. "Full" security has its drawbacks -- if,
during normal 
operations, the machine is power-cycled (e.g. by a
power outage) or 
halted 
(e.g. by STOP-A), it cannot reboot without the
intervention of someone 
who knows the prom password. 



__________________________________________________
Do You Yahoo!?
Check out Yahoo! Shopping and Yahoo! Auctions for all of
your unique holiday gifts! Buy at http://shopping.yahoo.com
or bid at http://auctions.yahoo.com
Received on Mon Dec 17 18:17:23 2001

This archive was generated by hypermail 2.1.8 : Wed Mar 23 2016 - 16:32:37 EDT