Newsletter, November 2006
 
   
 

Ask Al

Question #1
We recently had to reboot a system after completing some preventative maintenance. The system had been up for more than 6 months. After booting the system, I was informed that no one knew the root password. Could you tell me how to bypass it?

Answer:
With employee turnover and movement of systems from one department to another, it is not uncommon to have to reset the root password. Depending on your system configuration and Solaris version, the following procedure may need to be slightly adjusted.

To recover a lost or forgotten "root" password, you have to gain access to the OpenBoot PROM "ok" prompt, boot Solaris in single-user mode, and edit the shadow file.

Accessing the OpenBoot PROM "ok" prompt
Power the system on from a powered off condition. If the NVRAM variable auto-boot? is defined as "true," the system runs a Power-On Self-Test (POST) and automatically boots Solaris. To prevent this, you must halt the Solaris boot process and enter the OpenBoot PROM "ok" prompt.

Wait for POST to finish. A system banner appears when POST has run its course. (See system banner example below.)
Sun Ultra 30 UPA/PCI(UltraSPARC-II 248MHz), Keyboard Present
OpenBoot 3.9, 128 MB memory installed, Serial #9264328.
Ethernet address 8:0:20:8d:5c:c8, Host ID: 808d5cc8

Depending on the console connection to the system, use one of the methods below to break out of the boot sequence and enter the OpenBoot PROM "ok" prompt.

A. System serial port connected to a TTY terminal
You must send a break sequence to the server. Depending on the terminal emulation and keyboard layout, try just the {Break} key or the {CTL} and {Break} keys. Push the {enter} key after each attempt.

B. Sun Monitor and Keyboard
Hold down the "stop" key and press the letter "a". Keep typing "a" every 2-3 seconds until the boot process halts and you are taken to the OpenBoot PROM "ok" prompt.

Booting Solaris into Single User Mode
Once at the OpenBoot PROM "ok" prompt, insert the Solaris installation CD into the System's CD-ROM drive and type boot cdrom -s. This boots Solaris into single user mode from the boot CD-ROM. Once in single user mode, the Solaris System Console "#" prompt appears.

Next, look at the available disks to determine which one should be mounted. Change directories to "/dev/dsk" by typing the following:
# cd /dev/dsk

Next, type "ls" to list the contents of the /dev/dsk directory. In most cases, the boot device is c0t0d0s0. If you see this device in the list, try mounting it. A second method would be to type format at the Solaris prompt. This will show a list of the available drives. Select one of the drives and then quit the format utility.

To mount the disk, type the following:
# mount /dev/dsk/c0t0d0s0 /a

One of three scenarios occurs when issuing the mount Command, as follows:
1. mount fails because device does not exist or is of unknown type.
2. mount fails because the partition was not cleanly unmounted (also known as dirty) and a file system check must be issued prior to issuing the mount command.
3. mount succeeds and you are returned to the prompt with no errors or warnings.

If Scenario 1 occurs, keep trying other items such as "c0t0d1s0" or "c0t1d0s0" until it gives you Scenario 2 or 3.

If Scenario 2 occurs, type the following:
# fsck /dev/dsk/c0t0d0s0

The device name "c0t0d0s0" in the fsck Command may differ depending on which partition you are mounting. fsck checks the file system and corrects inconsistencies. After running the fsck Command, try issuing the mount Command again. It should work.

After the root partition is mounted, type the following to attach to the directories:
# cd /a

Type "ls" to verify that you have mounted the right partition. If you have, you will see a subfolder called "etc". If not, unmount that partition and try another.

Attach to the etc directory by typing the following:
# cd /a/etc

All current versions of Solaris put encrypted user passwords into a shadow file (/a/etc/shadow); previous versions of Solaris store them in the passwd file (/a/etc/passwd).

Editing the Shadow File and Removing the "root" password
To edit the shadow file and remove the encrypted password, type the following:
# vi /a/etc/shadow

If the correct terminal type is set, a list of users and their encrypted password strings appears.
root:s3fSGda2hDljk:0:3:xx:/:/bin/sh

Each line represents a single user, and every field is separated by a colon (:). The breakdown below goes through the meaning of each field.
username:password:uid:gid:gcos-field:home-dir:login-shell

Encrypted passwords are the 13 characters - or more if using MD5 encryption - to the right of the username "root".

To reset the password, simply remove those 13 characters and save the file. The file is "read-only," so you have to use the vi override command ":w!".

After removing the encrypted password, the line should resemble the following:
root::0:3:whatever:/:/bin/sh

Exit out of vi after saving and type "init 6".

The root account is now password free. Make sure to set a new password immediately upon reboot so the machine is secure.
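A follow-up check for the final step above, added here as an example and not part of the original column: it lists every account whose password field (the second colon-separated field) is empty, so you can confirm that root, and only root, was cleared and that nothing is left empty after the new password is set. The function names and the sample file are hypothetical; "NP" and "*LK*" are the Solaris markers for no-password and locked accounts.

```shell
#!/bin/sh
# Added example (not from the original column): audit the password field
# (2nd colon-separated field) of a shadow- or passwd-style file.

# empty_password_accounts FILE: print every username with an empty field.
empty_password_accounts() {
    awk -F: '
        /^#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        NF >= 2 && $2 == "" { print $1 }   # empty field: login needs no password
    ' "$1"
}

# password_state FILE USER: print EMPTY, NOLOGIN, SET or MISSING.
password_state() {
    awk -F: -v user="$2" '
        $1 == user {
            found = 1
            if ($2 == "") print "EMPTY"
            else if ($2 == "NP" || index($2, "*LK*") == 1) print "NOLOGIN"
            else print "SET"
            exit
        }
        END { if (!found) print "MISSING" }
    ' "$1"
}

# Constructed sample in the line format shown above; root has been cleared.
# The accounts "al" and "guest" are made up for illustration.
make_sample() {
    cat > "$1" <<'EOF'
root::0:3:whatever:/:/bin/sh
daemon:NP:1:1::/:
al:s3fSGda2hDljk:100:10::/export/home/al:/bin/sh
guest:*LK*:101:10::/export/home/guest:/bin/sh
EOF
}

# Demo on the constructed sample.
sample=$(mktemp)
make_sample "$sample"
empty_password_accounts "$sample"
echo "root is $(password_state "$sample" root)"
rm -f "$sample"
```

Run `empty_password_accounts /a/etc/shadow` before `init 6` and expect only root; run it against /etc/shadow after setting the new password and expect no output.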

Question #2
As a Sun Microsystems reseller, I’ve been wheeling and dealing Sun Fire V480s left and right. But one problem keeps arising – some of these systems have their consoles directed to RSC and are password protected. How do I bypass the RSC password and gain access to the system?

Answer:
We've received many calls and e-mails about this problem. In fact, this also applies to the Sun Fire V490, V880, and V890. There are several routes that could be followed to bypass RSC passwords. All are dependent on a system's OpenBoot PROM version.

The process of bypassing RSC passwords involves temporarily setting NVRAM variables to their default values, establishing a terminal connection to "ttya," and creating a new RSC login and password by using the rscadm Command at the Solaris System Console "#" prompt.

Here's a quick breakdown about what to do...

OpenBoot PROM 4.15.0 and higher
If the system's firmware is higher than 4.15.0, then everything is going to be extremely easy. Basically, all you have to do is flip the Keyswitch to the "diagnostics" position, establish a terminal connection to the system's "ttya" serial port, and create a new RSC username and password.

Using the Keyswitch
1. Move the Keyswitch to the "diag" position and establish a terminal connection to the system via "ttya."

2. Boot the system and log in to Solaris as "root."

3. Engage the uname -i Command at the Solaris System Console "#" prompt to obtain the System Identification (<system_id>).
# uname -i

4. By using the rscadm useradd Command, create a new user. At the Solaris System Console "#" prompt, type the following:
# /usr/platform/<system_id>/rsc/rscadm useradd <username>

- The term "<username>" represents the new user-defined username being created.
- The term "<system_id>" represents the output from Step 3.

5. Assign full user permissions to the new username created in Step 4.
# /usr/platform/<system_id>/rsc/rscadm userperm <username> cuar

6. Define a password for the newly created RSC username.
# /usr/platform/<system_id>/rsc/rscadm userpassword <username>

7. Reboot the RSC Card.
# /usr/platform/<system_id>/rsc/rscadm resetrsc
- The term "<system_id>" represents the output from Step 3.

8. Reset the system and obtain a connection through the RSC Card.
- Connections may be made through either the Serial or Network Port.

9. Log in to RSC using the newly created username and password.

OpenBoot PROM earlier than 4.15.0
If the system's OpenBoot PROM version is earlier than 4.15.0, then the NVRAM is going to have to be bypassed using either the Front Panel Power Button or by physically removing the RSC Card from the system.

Using the Front Panel Power Button
This procedure could also be followed on systems with OpenBoot PROM versions 4.15 or later.
 

1. Turn on power to the system and watch the System Status Fault LED (Wrench).

2. When the System Status Fault LED begins to rapidly blink, press the Front Panel Power Button twice with a short, one second delay between each press.

3. The NVRAM variables return to their default settings. However, the original values are restored after the next hardware or software reset.

4. Obtain terminal connection through "ttya."

5. Boot the system and log in to Solaris as "root."

6. Obtain the System Identification (<system_id>) by engaging the uname -i Command at the Solaris System Console "#" prompt.
# uname -i

7. By using the rscadm useradd Command, create a new user. At the Solaris System Console "#" prompt, type the following:
# /usr/platform/<system_id>/rsc/rscadm useradd <username>

- The term "<username>" represents the new user-defined username that is being created.
- The term "<system_id>" represents the System Identification output created in Step 6.

8. Assign full user permissions to the new username created in Step 7.
# /usr/platform/<system_id>/rsc/rscadm userperm <username> cuar

9. Define a password for the newly created RSC username.
# /usr/platform/<system_id>/rsc/rscadm userpassword <username>

10. Reboot the RSC Card.
# /usr/platform/<system_id>/rsc/rscadm resetrsc

11. Reset the system and obtain a connection through the RSC Card. The NVRAM variables go from the default values to their user-assigned values once the system is reset.

12. Obtain a connection through the RSC Card. (Either the RSC Serial or Network Management Port, depending on RSC Configuration Script settings.)

13. Log in to RSC using the username and password that were created.

Removing the RSC Card
If RSC is directed as the primary communications port, then physically removing the RSC Card from the system makes "ttya" the default communications port. When a connection through "ttya" is made, a new RSC username and password can be set up at the Solaris System Console "#" prompt by using the rscadm Command.

I recently tried demonstrating this procedure to a class and was only able to get everything to work once. You may have better luck.

1. Shut down Solaris and power down the system.

2. Unplug the power cord(s) from the system.

3. Remove the RSC Card.

4. Plug the power cord(s) back in the system.

5. Power on and obtain a terminal connection to "ttya."

6. Gain access to the OpenBoot PROM "ok" prompt and type the following:
ok diag-console ttya

7. Redefine both the input- and output-device variables:
 
- If using a keyboard and monitor:
ok setenv input-device keyboard
ok setenv output-device screen

 
- If going directly to "ttya":
ok setenv input-device ttya
ok setenv output-device ttya

8. Remote System Control is removed as the default console.

9. Power down the system and unplug the power cord(s).

10. Reinstall the RSC Card.

11. Plug in the power cord(s) and power on the system.

12. Boot Solaris and log in as "root."

13. Obtain the System Identification (<system_id>) by engaging the uname -i Command at the Solaris System Console "#" prompt.
# uname -i

14. By using the rscadm useradd Command, create a new user. At the Solaris System Console "#" prompt, type the following:
# /usr/platform/<system_id>/rsc/rscadm useradd <username>

- The term "<username>" represents the new user-defined username that is being created.

15. Assign full user permissions to the new username that was created in Step 14.
# /usr/platform/<system_id>/rsc/rscadm userperm <username> cuar

16. Define a password for the newly created RSC username.
# /usr/platform/<system_id>/rsc/rscadm userpassword <username>

17. Reboot the RSC Card.
# /usr/platform/<system_id>/rsc/rscadm resetrsc

18. The System Console must be redirected back to RSC, so several NVRAM variables must be reassigned new values. At the OpenBoot PROM "ok" prompt, type the following:
ok diag-console rsc
ok setenv input-device rsc-console
ok setenv output-device rsc-console

19. Reset the system.

20. Obtain a connection through the RSC Card. (Either the RSC Serial or Network Management Port, depending on RSC Configuration Script settings.)

21. Log in to RSC using the username and password that were just created.

Do you have a question you'd like to see answered in a future issue of eKnowledge? Email Allen at: askal@stsolutions.com