Issue Description

This issue mostly occurs in cases where the account being changed is a system or functional account, and where there are multiple instances of the account in the BoKS database. The condition is usually triggered when the account password expires, and users are set to use the account password (vs. their own password) when switching (ie. su).

For example, an organization might have several root accounts:


In this example, the administrator wants to change the root password for the BoKS Master and Replicas. With the Master and Replicas all running on Solaris, the administrator changes the OS_SOLARIS_HOSTS:root password. When the administrator tries to login to the Master and switch to root, it fails.

The problem is that the administrator mistakenly changed the wrong root password. The administrator should have changed the BOKS_OS_HOSTS:root instead of the OS_SOLARIS_HOSTS:root password.

Resolution / Workaround

In this example, the Master and Replicas share a common root account. The Master's hostname is "master".

To fix the problem, the administrator must correctly identify the account that needs to be changed. This is easily done by determining the Host Groups where the Master is a member:

BoKS# hgrpadm -l | grep master | awk '{print $1}'

From this output we can see that the Master is in the BOKS_OS_HOSTS Host Group. If we then look for the root accounts:

BoKS# lsbks -l *:root

We can see that there is a match with BOKS_OS_HOSTS. From there, we can change the password of the correct root account:

BoKS# passwd BOKS_OS_HOSTS:root


This example used the root account, but this kind of issue can also occur with other functional accounts, for example oracle, apache, websphere, db2, and so on. The solution is the same: identify the correct account and make the appropriate change.

If there are overlapping Host Groups, ie. Host Groups that contain users with the same name on the same hosts, there will be problems with password file updates. There should never be a user defined in more than one Host Group if those Host Groups contain any of the same hosts. This condition can be guarded against by ensuring that the OVERLAPPING_ACCOUNT_CHECK variable is activated in the ENV file. Please see the BoKS Manager Administration Guide for more information on Overlapping User Accounts.

Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: June 28, 2019