AIX - How to unlock and reset user’s account
Article Number: 230 | Rating: 4/5 from 1 votes | Last Updated: Fri, Jun 8, 2018 9:20 PM
Sometimes a user cannot log in remotely to an AIX machine, and the cause is not just an expired password. The account may have other settings that prevent login. Below is a quick procedure to check for such settings and resolve the issue when an account setting is the cause.
To check the user's account:
=======================================================
root@server # lsuser james
james id=27649 pgrp=staff groups=staff home=/local/users/james shell=/bin/ksh gecos=James SH login=true su=true rlogin=true daemon=true admin=false sugroups=ALL admgroups= tpath=nosak ttys=ALL expires=0 auth1=SYSTEM auth2=NONE umask=27 registry=files SYSTEM=compat logintimes= loginretries=6 pwdwarntime=10 account_locked=false minage=0 maxage=5 maxexpired=3 minalpha=5 minother=2 mindiff=3 maxrepeats=2 minlen=8 histexpire=26 histsize=14 pwdchecks= dictionlist= fsize=-1 cpu=-1 data=-1 stack=-1 core=8192 rss=-1 nofiles=5000 fsize_hard=-1 cpu_hard=-1 data_hard=-1 stack_hard=-1 rss_hard=-1 time_last_login=1393339184 time_last_unsuccessful_login=1340282915 tty_last_login=/dev/pts/14 tty_last_unsuccessful_login=ssh host_last_login=jumpserver.domain.com host_last_unsuccessful_login=tsitsshl304.europe.shell.com unsuccessful_login_count=0 roles=
=======================================================
Make sure the parameters below have the correct values.
=======================================================
su=true
rlogin=true
daemon=true
expires=0
account_locked=false
unsuccessful_login_count=0
=======================================================
If any value differs from the above, change it using the command below.
=======================================================
root@server # chuser <parameter>=<value> <userid>
root@server # chuser rlogin=true james
=======================================================
Then try to reset the password of the user.
=======================================================
root@server # passwd james
=======================================================
Finally, try to log in with the new password. If it still fails, check the parameters again.
#Hint: OS configuration such as PAM may also be prohibiting the login.
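The check in the steps above can be scripted instead of read by eye from the long `lsuser` line. The following is an added example, not part of the original article: `check_lsuser` is a hypothetical helper name, and the sample line is constructed for illustration.

```shell
#!/bin/sh
# Added example: compare `lsuser` output with the six values listed above.
# check_lsuser is a hypothetical helper name, not an AIX command.

# Attribute values the article lists as required for a working login.
EXPECTED="su=true rlogin=true daemon=true expires=0 account_locked=false unsuccessful_login_count=0"

# Read one line of `lsuser <user>` output on stdin and print one line
# per deviating attribute. Returns 0 if all match, 1 otherwise.
check_lsuser() {
    read -r user attrs || [ -n "$user" ] || return 2
    rc=0
    for want in $EXPECTED; do
        key=${want%%=*}
        found=0
        # Word-split the attribute list; tokens without '=' (e.g. the
        # second word of a gecos value) can never match "key=*".
        for tok in $attrs; do
            case $tok in
                "$key"=*)
                    found=1
                    if [ "$tok" != "$want" ]; then
                        echo "$user: $tok (expected $want)"
                        rc=1
                    fi
                    ;;
            esac
        done
        if [ "$found" -eq 0 ]; then
            echo "$user: $key not reported (expected $want)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input (not captured from a real system).
SAMPLE_LOCKED="james id=27649 gecos=James SH login=true su=true rlogin=false daemon=true expires=0 account_locked=true unsuccessful_login_count=7 roles="

# On AIX, as root:  lsuser james | check_lsuser
```

Each line of output names an attribute to correct with `chuser <parameter>=<value> <userid>`; no output and exit status 0 mean all six values match.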