AIX

AIX

Connect with fellow AIX users and experts to gain knowledge, share insights, and solve problems.


#Power
 View Only
Expand all | Collapse all

LAM problem after AIX 5300-05-01 update

  • 1.  LAM problem after AIX 5300-05-01 update

    Posted Fri October 13, 2006 04:15 AM

    Originally posted by: SystemAdmin


    Hi,

    We have an AIX 5.3 machine that have an third-party LAM module installed. That module is basically used to provide access to remote users, so that remote user can login the machine via telnet, ssh, ftp, etc.

    We udpated the system from 5300-00 to 5300-05-01, and found that some of the services (e.g. telnet) were not working for local users, though remote users did not have this problem. After some investigation, it seems that the /bin/login does not work as it usually does.

    From the log of the third-party LAM module, this /bin/login asked for "account_locked" attribute of the local user at the very beginning, and the module returned failure with errno ENOENT. However, if the module (we changed it for testing) returns "false" and successful return code (0), then the local users are able to login.

    The authentication methods we used for default users (in /etc/security/user) is:
    SYSTEM = "REMOTESYS OR REMOTESYSNOTFOUND AND compat"

    I am thinking if this is a bug of the new AIX version. Any input will be greatly appreciated.

    Thanks,
    Eric
    #AIX-Forum


  • 2.  an idea

    Posted Wed October 18, 2006 09:08 AM

    Originally posted by: nagger


    The latest AIX 5.3M5 includes more security features to make tighten up security MUCH simpler.

    Check out the aixpert command.
    publib.boulder.ibm.com/infocenter/pseries/v5r3/topic/com.ibm.aix.cmds/doc/aixcmds1/aixpert.htm

    I am thinking some defaults might have changed due to the above additions which generally looks like a very good idea.

    Hope this helps, N
    #AIX-Forum