Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Micro Focus Contributor
Micro Focus Contributor
282 views

about IDM with AIX issue

Hi All.

i have a partner that feedback IDM have a problem. they want to use IDM to sync AIX's password but AIX's password length over 8 bytes will cause user only input 8 bytes will pass login. they find docuement as following url. they follow this  

https://www.novell.com/coolsolutions/tip/19032.html

 

Labels (1)
0 Likes
8 Replies
Knowledge Partner
Knowledge Partner

Re: about IDM with AIX issue

I think you will need to try and clarify this.

The Linux/Unix driver, which supports AIX, uses what amounts to a scripting driver on the AIX box that calls AIX commands against the local password files.

 

So, are you running in NIS, files, NIS+ or pam_ldap (which in AIX is lam not pam, I think).

I would suggest you consider using Pam LDAP (or LAM in the AIX case) to allow logins on AIX direct against eDir.  Simpler. 

eDir supports longer than 8 char passwords. I was pretty sure AIX uses longer than 8 char passwords (unless you are very ancient). 

So where do you think the issue resides?

 

0 Likes
Knowledge Partner
Knowledge Partner

Re: about IDM with AIX issue

I don't have experience with this driver, but I can confirm, that many AIX implementations still use 8-characters long password (for backward compatibility)

Prior to AIX 5.3 TL7 and AIX 6.1, there was an 8 character limit on AIX user passwords. If you need passwords of greater than 8 characters then you must enable one of the supplied Loadable Password Algorithms (LPAs). The following table lists the available algorithms and the limitations of each:

 
 

pwd_algorithm_table

Micro Focus Contributor
Micro Focus Contributor

Re: about IDM with AIX issue

Hi al_b

I didn't trained IAM before so not sure how to enable one of the supplied Loadable Password Algorithms (LPAs)? Does have any docuement for this and thanks. 

 

 

 

0 Likes
Knowledge Partner
Knowledge Partner

Re: about IDM with AIX issue

>I didn't trained IAM before so not sure how to enable one of the supplied Loadable Password Algorithms (LPAs)? 

I don't think, that changes of internal critical AIX settings are the task for IDM consulter, but at the same time I know, that many of "similar" critical tasks always left for "external consultants" (as internal folks don't feel comfortable to touch critical settings).

Anyway, I will provide a couple of links below

From documentation:

https://www.ibm.com/support/knowledgecenter/en/ssw_aix_72/security/long_passwords.html

Howto to enable the MD5 algorithm, from AIX blog:

https://www.ibm.com/developerworks/community/blogs/cgaix/entry/aix_support_for_passwords_greater_than_8_characters1?lang=en 

P.S. I have absolutely no experience in AIX management and support

0 Likes
Micro Focus Contributor
Micro Focus Contributor

Re: about IDM with AIX issue

hi Sir,

Thanks for your information

0 Likes
Micro Focus Contributor
Micro Focus Contributor

Re: about IDM with AIX issue

Hi Geoffc.

i am new blood of this field so i didn't know PAM can use on AIX. But you sure IAM can support more than 8 char password so how to config it? Thanks

 

BR

Bill

 

 

0 Likes
Knowledge Partner
Knowledge Partner

Re: about IDM with AIX issue

I think it is called a LAM on AIX or was last time I looked.  As for 8 char passwords,  I think Alex's links above are where I would start.

0 Likes
Knowledge Partner
Knowledge Partner

Re: about IDM with AIX issue

PAM also available on AIX

https://www.ibm.com/developerworks/community/blogs/paixperiences/entry/aix_ldap_quick_n_dirty?lang=en

https://www.ibm.com/support/knowledgecenter/en/ssw_aix_72/security/pam_lam.html

From my experience, AIX systems play a "critical" role in the organization and AIX support team decline any configuration changes without IBM approval.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.