/etc/security/passwd flags corruption ? - Aix

This is a discussion on /etc/security/passwd flags corruption ? - Aix ; What can cause corruption of the "flags" fields in /etc/security/ passwd ? Here is an example: (Weird characters did not paste) Line 2045: "flags = " Line 2415: "flags = )" Most of the servers where we are having this ...

+ Reply to Thread
Results 1 to 9 of 9

Thread: /etc/security/passwd flags corruption ?

  1. /etc/security/passwd flags corruption ?

    What can cause corruption of the "flags" fields in /etc/security/
    passwd ?

    Here is an example: (Weird characters did not paste)
    Line 2045: "flags = "
    Line 2415: "flags = )"

    Most of the servers where we are having this corruption are AIX 5.2

    Thanks,
    --Ben

  2. Re: /etc/security/passwd flags corruption ?

    On Nov 24, 4:45 am, Benoit Lefebvre wrote:
    > What can cause corruption of the "flags" fields in /etc/security/
    > passwd ?
    >
    > Here is an example: (Weird characters did not paste)
    > Line 2045: "flags = "
    > Line 2415: "flags = )"
    >
    > Most of the servers where we are having this corruption are AIX 5.2
    >
    > Thanks,
    > --Ben


    weird; anyone manually updating the file ?
    what ML are you on ?
    what LANG setting are you using ?

  3. Re: /etc/security/passwd flags corruption ?

    On Nov 25, 5:10 pm, Henry wrote:
    > On Nov 24, 4:45 am, Benoit Lefebvre wrote:
    >
    > > What can cause corruption of the "flags" fields in /etc/security/
    > > passwd ?

    >
    > > Here is an example: (Weird characters did not paste)
    > > Line 2045: "flags = "
    > > Line 2415: "flags = )"

    >
    > > Most of the servers where we are having this corruption are AIX 5.2

    >
    > > Thanks,
    > > --Ben

    >
    > weird; anyone manually updating the file ?
    > what ML are you on ?
    > what LANG setting are you using ?


    ml: 5200-08
    lang: EN_US

    No one is updating the file manually.

    --Ben

  4. Re: /etc/security/passwd flags corruption ?

    On Nov 27, 3:56 am, Benoit Lefebvre wrote:
    > On Nov 25, 5:10 pm, Henry wrote:
    >
    >
    >
    > > On Nov 24, 4:45 am, Benoit Lefebvre wrote:

    >
    > > > What can cause corruption of the "flags" fields in /etc/security/
    > > > passwd ?

    >
    > > > Here is an example: (Weird characters did not paste)
    > > > Line 2045: "flags = "
    > > > Line 2415: "flags = )"

    >
    > > > Most of the servers where we are having this corruption are AIX 5.2

    >
    > > > Thanks,
    > > > --Ben

    >
    > > weird; anyone manually updating the file ?
    > > what ML are you on ?
    > > what LANG setting are you using ?

    >
    > ml: 5200-08
    > lang: EN_US
    >
    > No one is updating the file manually.
    >
    > --Ben


    can you show the whole stanza that's being corrupted ?

  5. Re: /etc/security/passwd flags corruption ?

    On Nov 26, 3:57 pm, Henry wrote:
    > On Nov 27, 3:56 am, Benoit Lefebvre wrote:
    >
    >
    >
    > > On Nov 25, 5:10 pm, Henry wrote:

    >
    > > > On Nov 24, 4:45 am, Benoit Lefebvre wrote:

    >
    > > > > What can cause corruption of the "flags" fields in /etc/security/
    > > > > passwd ?

    >
    > > > > Here is an example: (Weird characters did not paste)
    > > > > Line 2045: "flags = "
    > > > > Line 2415: "flags = )"

    >
    > > > > Most of the servers where we are having this corruption are AIX 5.2

    >
    > > > > Thanks,
    > > > > --Ben

    >
    > > > weird; anyone manually updating the file ?
    > > > what ML are you on ?
    > > > what LANG setting are you using ?

    >
    > > ml: 5200-08
    > > lang: EN_US

    >
    > > No one is updating the file manually.

    >
    > > --Ben

    >
    > can you show the whole stanza that's being corrupted ?


    Well.. here is an example entry in /etc/security/passwd:

    ------------------------------------------------------
    username:
    password = 1AeRzNuJ0F7jp
    lastupdate = 1116545273
    flags = ^Bu0
    ------------------------------------------------------

    PS: The "^B" is actually one single character

    --Ben

  6. Re: /etc/security/passwd flags corruption ?

    On Nov 26, 9:56 am, Benoit Lefebvre wrote:
    > On Nov 25, 5:10 pm, Henry wrote:
    >
    >
    >
    > > On Nov 24, 4:45 am, Benoit Lefebvre wrote:

    >
    > > > What can cause corruption of the "flags" fields in /etc/security/
    > > > passwd ?

    >
    > > > Here is an example: (Weird characters did not paste)
    > > > Line 2045: "flags = "
    > > > Line 2415: "flags = )"

    >
    > > > Most of the servers where we are having this corruption are AIX 5.2

    >
    > > > Thanks,
    > > > --Ben

    >
    > > weird; anyone manually updating the file ?
    > > what ML are you on ?
    > > what LANG setting are you using ?

    >
    > ml: 5200-08
    > lang: EN_US
    >
    > No one is updating the file manually.
    >
    > --Ben


    With respect, how can you be sure that no one is updating this
    file manually? Do you have audit data to prove it?

    FWIW my experience is that a lot of tricky problems are caused
    by people doing things that no one was supposed to be doing.

    Regards,
    Jim Lane

  7. Re: /etc/security/passwd flags corruption ?

    On Nov 27, 2:02 pm, Jim.L...@cibc.com wrote:
    > On Nov 26, 9:56 am, Benoit Lefebvre wrote:
    >
    >
    >
    > > On Nov 25, 5:10 pm, Henry wrote:

    >
    > > > On Nov 24, 4:45 am, Benoit Lefebvre wrote:

    >
    > > > > What can cause corruption of the "flags" fields in /etc/security/
    > > > > passwd ?

    >
    > > > > Here is an example: (Weird characters did not paste)
    > > > > Line 2045: "flags = "
    > > > > Line 2415: "flags = )"

    >
    > > > > Most of the servers where we are having this corruption are AIX 5.2

    >
    > > > > Thanks,
    > > > > --Ben

    >
    > > > weird; anyone manually updating the file ?
    > > > what ML are you on ?
    > > > what LANG setting are you using ?

    >
    > > ml: 5200-08
    > > lang: EN_US

    >
    > > No one is updating the file manually.

    >
    > > --Ben

    >
    > With respect, how can you be sure that no one is updating this
    > file manually? Do you have audit data to prove it?
    >
    > FWIW my experience is that a lot of tricky problems are caused
    > by people doing things that no one was supposed to be doing.
    >
    > Regards,
    > Jim Lane


    Well.. I know for sure we have no scripts to edit this file manually..

    BUT.. we are using IBM Tivoli Identity Manager and I'm starting to
    think this software is causing these problems

    It's funny to see that we realised that we had these weird chararcter
    when ITIM started to mal-function.

    I will continue to investigate on that.. Even our IBM representative
    was surprised when I showed this to him he never saw that.

    --Ben

  8. Re: /etc/security/passwd flags corruption ?

    On Nov 27, 10:15 am, Benoit Lefebvre
    wrote:
    > On Nov 26, 3:57 pm, Henry wrote:
    >
    >
    >
    > > On Nov 27, 3:56 am, Benoit Lefebvre wrote:

    >
    > > > On Nov 25, 5:10 pm, Henry wrote:

    >
    > > > > On Nov 24, 4:45 am, Benoit Lefebvre wrote:

    >
    > > > > > What can cause corruption of the "flags" fields in /etc/security/
    > > > > > passwd ?

    >
    > > > > > Here is an example: (Weird characters did not paste)
    > > > > > Line 2045: "flags = "
    > > > > > Line 2415: "flags = )"

    >
    > > > > > Most of the servers where we are having this corruption are AIX 5.2

    >
    > > > > > Thanks,
    > > > > > --Ben

    >
    > > > > weird; anyone manually updating the file ?
    > > > > what ML are you on ?
    > > > > what LANG setting are you using ?

    >
    > > > ml: 5200-08
    > > > lang: EN_US

    >
    > > > No one is updating the file manually.

    >
    > > > --Ben

    >
    > > can you show the whole stanza that's being corrupted ?

    >
    > Well.. here is an example entry in /etc/security/passwd:
    >
    > ------------------------------------------------------
    > username:
    > password = 1AeRzNuJ0F7jp
    > lastupdate = 1116545273
    > flags = ^Bu0
    > ------------------------------------------------------
    >
    > PS: The "^B" is actually one single character
    >
    > --Ben


    it's looking like a couple of things to me
    1. you have someone manually hacking the file
    2. you have something manually hacking the file
    3. you have an error with files that access /etc/security/passwd

    do you have any security "enhancements" ? or non-standard password
    software.
    to me. 1. above looks the most likely, someone using vi and hitting
    the wrong keys

  9. Re: /etc/security/passwd flags corruption ?

    On Nov 27, 3:09 pm, Henry wrote:
    > On Nov 27, 10:15 am, Benoit Lefebvre
    > wrote:
    >
    >
    >
    > > On Nov 26, 3:57 pm, Henry wrote:

    >
    > > > On Nov 27, 3:56 am, Benoit Lefebvre wrote:

    >
    > > > > On Nov 25, 5:10 pm, Henry wrote:

    >
    > > > > > On Nov 24, 4:45 am, Benoit Lefebvre wrote:

    >
    > > > > > > What can cause corruption of the "flags" fields in /etc/security/
    > > > > > > passwd ?

    >
    > > > > > > Here is an example: (Weird characters did not paste)
    > > > > > > Line 2045: "flags = "
    > > > > > > Line 2415: "flags = )"

    >
    > > > > > > Most of the servers where we are having this corruption are AIX 5.2

    >
    > > > > > > Thanks,
    > > > > > > --Ben

    >
    > > > > > weird; anyone manually updating the file ?
    > > > > > what ML are you on ?
    > > > > > what LANG setting are you using ?

    >
    > > > > ml: 5200-08
    > > > > lang: EN_US

    >
    > > > > No one is updating the file manually.

    >
    > > > > --Ben

    >
    > > > can you show the whole stanza that's being corrupted ?

    >
    > > Well.. here is an example entry in /etc/security/passwd:

    >
    > > ------------------------------------------------------
    > > username:
    > > password = 1AeRzNuJ0F7jp
    > > lastupdate = 1116545273
    > > flags = ^Bu0
    > > ------------------------------------------------------

    >
    > > PS: The "^B" is actually one single character

    >
    > > --Ben

    >
    > it's looking like a couple of things to me
    > 1. you have someone manually hacking the file
    > 2. you have something manually hacking the file
    > 3. you have an error with files that access /etc/security/passwd
    >
    > do you have any security "enhancements" ? or non-standard password
    > software.
    > to me. 1. above looks the most likely, someone using vi and hitting
    > the wrong keys


    As I said in my previous post..

    We are using ITIM.. I think this is what's causing these problems..

    Funny thing is that we discovered that by investigatinf an problem
    with ITIM (it was having problems with these weird characters)

    --Ben

+ Reply to Thread