HP OpenVMS Systems
You have forgotten, lost, misplaced, never knew, or otherwise need to change the password for the SYSTEM username. What now?
While a controlled system shutdown using SYS$SYSTEM:SHUTDOWN.COM would be prefered to directly halting the system as will be shown here, the ability to perform a controlled system shutdown implies privileged system access is available, and thus the ability to directly reset the SYSTEM username password.
If you should have access to a privileged username, log in under the privileged username and use the following commands to reset the password of the SYSTEM or any other username:
$ SET PROCESS/PRIVILEGE=ALL $ SET DEFAULT SYS$SYSTEM: ! or wherever SYSUAF.DAT resides $ RUN SYS$SYSTEM:AUTHORIZE UAF> MODIFY SYSTEM /PASSWORD=newpassword UAF> EXIT $
You are now done, and no further steps are required.
Assuming that you do not have access to a privileged username, you will have to use the following sequence of operations and commands. These operations and commands must be performed at the system console terminal, and will cause the OpenVMS system to halt and to then perform a conversational bootstrap.
First, examine the the translation of the SYS$TOPSYS logical name:
$ SHOW LOGICAL SYS$TOPSYS
Record the translation of this logical name for use later during this procedure.
You must now halt the OpenVMS system, then reboot it conversationally. The specific technique used to halt the system varies, but typically involves entering a CTRL/P character or the BREAK key at the system console terminal, or potentially by a using a keyswitch or a halt button on the system operator control panel. The specific mechanisms used can vary by platform and by processor; please consult the documentation for your particular platform for details.
Assuming the translation of the SYS$TOPSYS logical name is SYS0, the system is bootstrapping from the default system root and you will use one of the following commands to initiate a conversational reboot:
For VAX system consoles:
>>> B/1 or >>> B/R5:1 or >>> @GENBOO
For Alpha system consoles:
>>> b -fl 0,1
If your system uses a non-zero system root and thus SYS$TOPSYS does not translate as SYS0, note the numeric value appended to the translation. Assuming the logical name translation is SYS4 and thus the trailing digit is "4", the system is configured to bootstrap from the fourth system root on the disk and you must use the following console commands:
For VAX system consoles:
>>> B/40000001 or >>> B/R5:40000001 or >>> @GENBOO
For Alpha system consoles:
>>> b -fl 4,1
If your VAX system is sufficiently old and requires a command procedure on the console media such as GENBOO, the name of the command procedure can vary widely. Further, the procedure may or may not exist. And it is comparatively difficult to locate the directory listing of the console media without access to a privileged username. GENBOO.CMD is one of the most common choices for the name of this command procedure, but certainly not the only one. This console command procedure is typically used on the VAX-11/700 series and the VAX 8000 series; on VAX systems with console media. The MicroVAX series, VAXstation series, VAX 4000 series, VAX 6000 series, VAX 7000 series, and VAX 10000 series do not use this mechanism.
If you do not have access to GENBOO.CMD on the VAX console media and do not know the name of the conversational bootstrap procedure, you can manually trigger the standard bootstrap, and copy down the specific commands utilized. You will then need to halt the system bootstrap, and manually enter the commands. In particular, all commands save for the value specifically loaded into register R5 will have to be used unchanged. The console command that loads R5 will have the system root in the uppermost nibble, and must also have the lowest bit set.
If your VAX or Alpha system has a console hardware password, you will have to enter it to gain full access to the console boot command options. If you see the console error "Inv Cmd" while trying to perform the conversational bootstrap command but the non-conversational variant of the command works as expected, the console password is enabled. The usual mechanism to gain privileged console access is the console LOGIN command. If enabled and if you do not know the console password, you will have to contact your hardware support organization for assistance in resetting the password. The syntax used for the console password mechanism can and does vary.
Once you have triggered a conversational bootstrap and have reached the SYSBOOT prompt, you will want to request that OpenVMS read the system startup commands directly from the system console. This in place of reading the startup commands from the default OpenVMS system startup procedure, SYS$SYSTEM:STARTUP.COM. You will also want to disable the windowing system, if any, and you will want to request that the parameter changes not be recorded.
SYSBOOT> SET/STARTUP OPA0: SYSBOOT> SET WINDOW_SYSTEM 0 SYSBOOT> SET WRITESYSPARAMS 0 SYSBOOT> CONTINUE
Though the following is not specifically required here, you will have to perform an additional step if you wish to completely disable the DECwindows startup procedures. In particular, you will have to define the following logical name within SYLOGICALS.COM:
The CONTINUE command shown above will cause OpenVMS to continue the bootstrap. Eventually, OpenVMS will issue a $ prompt on the console terminal. You must type the following two commands, exactly as shown:$ DEFINE/SYSTEM/EXEC DECW$IGNORE_WORKSTATION TRUE
$ SPAWN $ @SYS$SYSTEM:STARTUP
The result of these two commands will be the invocation of normal system startup, but you will be left logged in on the console, running under a privileged username. Without the use of the SPAWN command, you would be logged out when the startup completes.
If necessary, you can skip the invocation of the system startup temporarily, and perform tasks such as registering license PAKs or various other "single-user" maintenance operations.
Use the following commands to reset the SYSTEM password:
$ SET DEFAULT SYS$SYSTEM: ! or wherever SYSUAF.DAT resides $ RUN SYS$SYSTEM:AUTHORIZE UAF> MODIFY SYSTEM /PASSWORD=newpassword UAF> EXIT $
These AUTHORIZE commands will change the SYSTEM password to the specified new newpassword password value. You can shut down the system and reboot with the new SYSTEM username, or potentially simply LOGOUT of the console session to allow the system startup to complete.
Another approach often suggested involves using the UAFALTERNATE SYSGEN parameter. This approach is not always as reliable and is thus not recommended, as there can easily be an alternate user authorization file configured on the system. If the alternate file is configured, an approach based on resetting UAFALTERNATE will fail.
For further information on emergency startup and shutdown, as well as for the official OpenVMS documentation on how to change the SYSTEM password from the console in an emergency, please see the OpenVMS System Manager's Manual in the OpenVMS documentation set.