Original Message:
Sent: Fri June 06, 2025 09:30 AM
From: Paul Watson
Subject: Is Informix dependant on password cypher algorithm?
This approach was rejected at one of my sites after a security review, however using ACL to control the access was allowed.
PAM could not be used cos the client layer was still 3.70 CSDK and the customer didn't want to rebuild the entire app layer for PAM
On 6/6/2025 8:19 AM, Andreas Legner via IBM TechXchange Community wrote:
0100019745653f7e-785551b0-64b9-452a-af70-93c38afaa60b-000000@email.amazonses.com">
chmod o+x /etc/security chmod o+r /etc/security/pwdalg.cfg Decide for yourself if this creates any security problem - I haven't found anyone yet...
Original Message:
Sent: 6/6/2025 9:19:00 AM
From: Andreas Legner
Subject: RE: Is Informix dependant on password cypher algorithm?
chmod o+x /etc/security
chmod o+r /etc/security/pwdalg.cfg
Decide for yourself if this creates any security problem - I haven't found anyone yet capable of explaining one to me.
Alternatively you'd had to switch to using PAM.
------------------------------
Andreas Legner
Informix Dev
HCL Software
Original Message:
Sent: Fri June 06, 2025 09:12 AM
From: Dennis Melnikov
Subject: Is Informix dependant on password cypher algorithm?
Hi,
IBM Informix Dynamic Server Version 11.70.FC5XE
AIX 7.1.3.5
While using a default pwd_algorithm (crypt) in /etc/security/login.cfg we have no problem connecting to Informix via network.
To strengthen security I set pwd_algorithm to ssha512. After that users that renewed their passwords, thus cyphering them with SSHA512, lost an ability to directly log in to Informix via network.
How to make it tolerable to more robust cyphers?
------------------------------
Sincerely,
Dennis
------------------------------