AIX


AIX and Linux SHA512 Password Algorithms

  • 1.  AIX and Linux SHA512 Password Algorithms

    Posted Tue May 06, 2014 07:43 AM

    Originally posted by: sstrickler


    I work in a mixed environment of approximately 1500 AIX and 1500 Linux hosts.  Account management is not where it should be, and it is not going to change for 12-24 months.  Currently, all account provisioning and maintenance is performed on one of the AIX hosts.  When an account is created, it is pushed to other hosts based on group membership.  The DES encrypted password is also pushed.  Passwords can also be reset on the central host and pushed.  The DES encrypted password is cross-compatible on the AIX and Linux hosts.

    Due to audit requirements, the password algorithm must be changed to support passwords longer than 8 characters.  In testing the sha512 LPA, I have found that we lose our cross-platform compatibility.  The salted password can be used on AIX for verification; however, it looks like it cannot be used on Linux.  I am looking for an LPA solution that will generate a hash that is compatible with the Linux hashing algorithm.

    Any ideas?



  • 2.  Re: AIX and Linux SHA512 Password Algorithms

    Posted Wed May 14, 2014 05:47 AM

    Originally posted by: TimGilson


     

    You can change the default algorithm used to encrypt passwords on AIX - I believe these two files are involved and will hopefully point you in the right direction:

    /etc/security/pwdalg.cfg

    /etc/security/login.cfg

    Tim



  • 3.  Re: AIX and Linux SHA512 Password Algorithms

    Posted Tue September 16, 2014 06:50 PM

    Originally posted by: Dave_A


    Did you ever find a solution to this?  I just ran into the same problem: sha-512 encrypted passwords are not compatible between AIX and Linux.  I tried setting the cost and salt length in pwdalg.cfg to match Linux, but it still didn't work.
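
A pre-push check for the provisioning flow described in this thread, as an added example that is not part of any post: it identifies the format of a password field before it is copied to a host, so that a `{ssha512}` value written by the AIX LPA is not pushed to a Linux host that cannot verify it. The sample values are constructed, the function names are hypothetical, and treating `$6$` fields as Linux-only is an assumption the thread does not test.

```python
import re

# 13-character traditional DES crypt: 2-char salt + 11-char hash
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
# AIX LPA field: {name}NN$salt$hash, NN = two-digit cost (2**NN iterations)
AIX_RE = re.compile(r"^\{(ssha1|ssha256|ssha512)\}(\d{2})\$([./0-9A-Za-z]+)\$([./0-9A-Za-z]+)$")
# Linux crypt(3) field: $5$ / $6$, optional rounds=N, salt of up to 16 chars
LINUX_RE = re.compile(r"^\$([56])\$(?:rounds=(\d+)\$)?([./0-9A-Za-z]{1,16})\$([./0-9A-Za-z]+)$")

def classify(field):
    """Return (scheme, platforms able to verify it, parameters)."""
    if DES_RE.match(field):
        # Portable, but only the first 8 password characters are used.
        return "des-crypt", {"aix", "linux"}, {"salt": field[:2], "max_len": 8}
    m = AIX_RE.match(field)
    if m:
        cost = int(m.group(2))
        return m.group(1), {"aix"}, {"cost": cost, "iterations": 2 ** cost,
                                     "salt_len": len(m.group(3))}
    m = LINUX_RE.match(field)
    if m:
        name = {"5": "sha256crypt", "6": "sha512crypt"}[m.group(1)]
        rounds = int(m.group(2)) if m.group(2) else 5000  # crypt(3) default
        # Assumption: marked Linux-only; the thread only tests AIX -> Linux.
        return name, {"linux"}, {"rounds": rounds, "salt_len": len(m.group(3))}
    return "unknown", set(), {}

def blocked_pushes(accounts, target_os):
    """List (user, scheme) pairs whose hash the target OS cannot verify."""
    out = []
    for user, field in accounts.items():
        scheme, platforms, _ = classify(field)
        if target_os not in platforms:
            out.append((user, scheme))
    return sorted(out)

# Constructed sample fields; the hash bodies are filler, not real hashes.
SAMPLES = {
    "alice": "ab01FAX.bQRSU",
    "bob": "{ssha512}06$ConstructedSalt0$" + "A" * 86,
    "carol": "$6$ConstructedSalt0$" + "B" * 86,
}

if __name__ == "__main__":
    for target in ("aix", "linux"):
        print(target, "would reject:", blocked_pushes(SAMPLES, target))
```

The prefix, the cost encoding and the salt layout all differ between the two fields, so a push script can refuse an incompatible hash up front instead of leaving the account unable to log in on the target.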