Saturday, May 24, 2008

Recover or Reset the root password in Sun Solaris (SPARC)

How many times have you had the root password expire and found yourself logged out?

There is very little chance that one loses or forgets the root password of one's Sun Solaris servers. But in the enterprise world we normally set password aging, so the password expires before you know it. My team put up a cron to monitor things like this, as Solaris tends to warn you by putting a message in /var/adm/messages.

If the root password still expires, too bad. You need to shut down your applications before performing the procedure below. This is the only way.

1) Go to the OBP and boot the server into single-user mode

OK boot cdrom -s
or
OK boot net -s


2) Mount the root file system (e.g. /dev/dsk/c0t0d0s0) on, say, /a

For step 1, please use Sun Solaris OS CD 1 or a JumpStart server in your environment. No password is needed here.

Note that /a is a temporary mount point that is available when you boot from CD or a JumpStart server.

Edit /a/etc/shadow. If you remember your password, edit the expiry age. Otherwise, just blank out the encrypted password portion.

Once done, unmount and reboot.

# cd /
# umount /a
# sync
# sync
# init s

If you have blanked out the password, press Enter at the prompt to enter a password for root; otherwise let the server progress to run level 3. Reboot again to verify. Once in multi-user mode, log in and test the root password.

The only reason we change the root password at run level S is to ensure that a root account without a password is not exposed to others. If the server is started in multi-user mode, there is a degree of security risk until the root password is set.
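The aging fields in /etc/shadow that the procedure above edits can also be read ahead of time, so an approaching expiry or an empty password field is flagged before root is locked out or left exposed. The script below is an added example, not part of the original post: it reads the shadow fields directly rather than /var/adm/messages, the function names and sample entries are constructed, and today_days assumes perl is installed.

```shell
#!/bin/sh
# Shadow fields: name:hash:lastchg:min:max:warn:inactive:expire:flag
# lastchg = day of last change (days since 1970-01-01), max = maximum age in days.

# Constructed sample entries (placeholder hash), for trying the functions out.
sample_shadow() {
    cat <<'EOF'
root:CONSTRUCTEDHASH00:14000:7:90:14:::
daemon:NP:6445::::::
oper::14000:7:90:14:::
EOF
}

# today_days: days since the epoch. Assumption: perl is installed.
today_days() { perl -e 'print int(time / 86400)'; }

# shadow_days_left FILE USER TODAY
# Prints days until expiry, "never" (no aging set) or "nopassword" (empty hash).
# Returns 1 if USER has no entry in FILE.
shadow_days_left() {
    awk -F: -v user="$2" -v today="$3" '
        $1 == user {
            found = 1
            if ($2 == "")                       { print "nopassword"; exit }
            if ($3 == "" || $5 == "" || $5 < 0) { print "never"; exit }
            print ($3 + $5) - today
            exit
        }
        END { if (!found) exit 1 }
    ' "$1"
}

# aging_check FILE USER TODAY WARN_DAYS
# Prints a one-line status; returns 1 when someone needs to act, 0 otherwise.
aging_check() {
    left=$(shadow_days_left "$1" "$2" "$3") || { echo "$2: no entry in $1"; return 1; }
    case "$left" in
        never)      echo "$2: no password aging set"; return 0 ;;
        nopassword) echo "$2: empty password field"; return 1 ;;
    esac
    if [ "$left" -lt 0 ]; then
        echo "$2: password expired $(( -left )) day(s) ago"; return 1
    elif [ "$left" -le "$4" ]; then
        echo "$2: password expires in $left day(s)"; return 1
    fi
    echo "$2: $left day(s) left"; return 0
}
```

From cron, run as root, a call such as `aging_check /etc/shadow root "$(today_days)" 14` prints the status and returns non-zero when action is needed; pointed at /a/etc/shadow it confirms the edit before unmounting. On Solaris it needs a POSIX shell and awk (for example /usr/xpg4/bin/sh with /usr/xpg4/bin ahead of /usr/bin in PATH), not the legacy /bin/sh.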

It should be said that servers should be kept out of reach of casual users so that your server will not be so easily 'defeated' or, worse, lost, like the case in HK recently (May 2008).

----------------

One trick I tried: if somehow someone still has a root session with the server, use the login command. This should prompt you that the password has expired and force you to change it. Follow accordingly and you should be able to use the new root password now... :) Good luck!
