03-30-2019 05:43 AM
After performing a "yum update" on the guestshell of a Nexus 9300 (9.2.(3)) I get prompted for a password when I try to do a chvrf. It doesn't take the switches password for admin.
[admin@guestshell ~]$ sudo chvrf management
sudo: Account or password is expired, reset your password and try again
Changing password for root.
(current) UNIX password:
Does anyone know how to get around this?
Solved! Go to Solution.
04-01-2019 10:29 AM
David,
Either workaround will suffice. The main issue is the "password must be changed" state of the root user prior to any workarounds, see below:
[admin@guestshell ~]$ sudo su - [root@guestshell ~]# chage -l root Last password change : password must be changed Password expires : password must be changed Password inactive : password must be changed Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
By changing the PW of the root user, you are effectively toggling it to "never" expire which is what we are interested in:
[root@guestshell ~]# passwd New password: Retype new password: passwd: all authentication tokens updated successfully.
Now:
[root@guestshell ~]# chage -l root Last password change : Apr 01, 2019 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
Both workarounds accomplish the same: They set the root PW to never expire so you should be in the clear!
Other workaround here:
[root@guestshell ~]# chage --lastday -1 root [root@guestshell ~]# chage -l root Last password change : never Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
Glad to help.
04-01-2019 05:54 AM
Hi there,
Unfortunately, looks like you are running into CSCvo29238 (should be external in the next 24-48 hours). The issue is indeed triggered after a "yum update" has been executed within the guest shell.
The workaround is to use the following command such that the root password does not expire:
[root@guestshell ~]# chage --lastday -1 root
Hope that helps.
04-01-2019 09:02 AM
Thanks for the reply.
I found that if I create a password (in the guestshell) for the admin account right after I create the guestshell, then I don't have any issues after the yum update.
Are there any downsides with this approach? Would I still need to run the command you suggested on the root account?
Regards,
David
04-01-2019 10:29 AM
David,
Either workaround will suffice. The main issue is the "password must be changed" state of the root user prior to any workarounds, see below:
[admin@guestshell ~]$ sudo su - [root@guestshell ~]# chage -l root Last password change : password must be changed Password expires : password must be changed Password inactive : password must be changed Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
By changing the PW of the root user, you are effectively toggling it to "never" expire which is what we are interested in:
[root@guestshell ~]# passwd New password: Retype new password: passwd: all authentication tokens updated successfully.
Now:
[root@guestshell ~]# chage -l root Last password change : Apr 01, 2019 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
Both workarounds accomplish the same: They set the root PW to never expire so you should be in the clear!
Other workaround here:
[root@guestshell ~]# chage --lastday -1 root [root@guestshell ~]# chage -l root Last password change : never Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
Glad to help.
04-01-2019 11:59 AM
Thanks!
- David, CCIE #5751 R&S
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide