Recovering Passwords in Solaris 11

About once a year, I'll find a way to lock myself out of a Solaris system. Here's how to get out of this scenario. You'll need a Solaris 11 Live CD or Live USB stick.
  • Boot up from the Live CD/USB
  • Select the 'Text Console' option from the GRUB menu
  • Log in to the Solaris console with the username/password jack/jack
  • Switch to root (the password is jack)
    $ sudo su

  • Mount the Solaris boot environment in a temporary directory
    # beadm mount solaris /a

  • Edit the shadow file
    # vi /a/etc/shadow

  • Find your username and remove the password hash, converting
    username:iEwei23SamPleHashonf0981:15746::::::17216
    to
    username::15746::::::17216

  • Allow empty passwords at login
    # vi /a/etc/default/login
    Switch this line
    PASSREQ=YES
    to
    PASSREQ=NO

  • Update the boot archive
    # bootadm update-archive -R /a

  • Reboot and remove the Live CD/USB from the system
    # reboot

    If prompted for a password, hit return since this has now been blanked.
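
The steps above leave an account with an empty password field and PASSREQ=NO in the boot environment. As an added example (not part of the original post), this script checks a BE root for both conditions so you can confirm they are gone once a new password is set; the function names are hypothetical and a POSIX sh and awk are assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print accounts whose shadow password field (field 2) is empty.
# Locked or no-login entries such as *LK* and NP are non-empty, so not reported.
blank_password_accounts() {
    awk -F: '!/^#/ && NF >= 2 && $2 == "" { print $1 }' "$1"
}

# Succeed only if the last uncommented PASSREQ assignment is YES.
# A missing PASSREQ line is treated as a finding (a choice made by this script).
passreq_enabled() {
    value=$(awk -F= '/^PASSREQ=/ { v = $2 } END { print v }' "$1")
    [ "$value" = "YES" ]
}

# Audit a boot environment root (default /a, as mounted in the article).
audit_be() {
    root=${1:-/a}
    status=0
    blanks=$(blank_password_accounts "$root/etc/shadow")
    if [ -n "$blanks" ]; then
        echo "empty password field:" $blanks
        status=1
    fi
    if ! passreq_enabled "$root/etc/default/login"; then
        echo "PASSREQ is not YES in $root/etc/default/login"
        status=1
    fi
    return "$status"
}

# Constructed sample: the state the recovery steps leave behind.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/etc/default"
printf '%s\n' 'root:$5$constructed$hashvalue:15746::::::' \
    'username::15746::::::17216' > "$demo_root/etc/shadow"
printf '%s\n' '#PASSREQ=YES' 'PASSREQ=NO' > "$demo_root/etc/default/login"
audit_be "$demo_root" || echo "audit failed for $demo_root"
```

On the recovered system, `audit_be /` should exit 0 after a new password has been set with passwd and PASSREQ=YES has been restored.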
Comments:

Rather than allowing no passwords and clearing the root password, why not grab a password hash from an account you know the password to? If none handy, copy the one for jack from the live CD. Of course you should change it right away, but the idea of root having no password at all, even for a little while, sends shivers up my spine.

alan.

Posted by Alan Hargreaves on February 11, 2013 at 02:08 PM MST #

Thank you for this info, but what happens when I get the below message?

root@solaris:/jack# beadm mount solaris /a
be_mount: failed to find zpool for BE (solaris)
Unable to mount solaris.
solaris does not exist or appear to be a valid BE.
Please check that the name of the BE provided is correct.
root@solaris:/jack#

Posted by guest on February 20, 2013 at 05:44 PM MST #

Your boot environment (BE) might not be called solaris. Run `beadm list` to discover its name.

Posted by paulie on February 21, 2013 at 01:28 PM MST #

Thank you for the "beadm list" command, but it gives this:

be_find_current_be: failed to find current BEname
be_list: No BE's found
No boot environments found on this system.

But I am positive that Solaris 11 is installed on the hard drive (I can even boot to it).

Posted by guest on May 27, 2013 at 12:42 PM MDT #

Hi

You need to import the zpool (default pool name rpool) with the -f option; then, if you run beadm list, it will show the available boot environments.

Posted by guest on June 06, 2013 at 01:08 AM MDT #

About

Hiya, my name is Paul Johnson and I'm a software engineer working on the ZFS storage appliance.
