Password Recovery on Edge-Core AS4610 when the Internal Clock Has Reset



Recovering the password on the Edge-Core AS4610 platform may require additional steps if the internal clock has been reset.


  • Cumulus Linux 3.y.z


A clock reset occurs if the switch has been unplugged or powered down for an extended period of time. Resetting a user password before adjusting the system date may result in a negative value being set in the /etc/shadow in the third column "Date of Last Password Change". Once this occurs the current user account becomes disabled and that user cannot log in with this user account.

Essentially, password recovery fails if you set the time after changing the password. If NTP is configured, the switch may update the time automatically during a full boot.

Below is an example of a /etc/shadow with a valid root user entry and an invalid cumulus user entry — note the negative value for "Date of Last Password Change":



Before attempting to recover the password, ensure that the system and hardware clocks are set correctly first.

Set the year to a minimum of 2000, as the hardware clock is not designed to accept dates before this time. Attempting to set a date prior to this results in the date being set into the future, which invalidates the user when normal time is restored.

  1. From the console, boot the switch, interrupting the U-Boot countdown to enter the U-Boot prompt. Enter the following:
    => run cl_bootrecover
  2. Set the operating system time and push the value to the hardware clock:
    # date -s 20161208
    Thu Dec  8 00:00:00 UTC 2016
    # hwclock -w
  3. Confirm the hardware clock time:
    # hwclock -r
    Thu 08 Dec 2016 12:01:09 AM UTC  -0.921842 seconds
  4. Reset the password:
    root@switch:~# passwd
    Enter new UNIX password:
    Retype new UNIX password:
    passwd: password updated successfully


Have more questions? Submit a request


Powered by Zendesk