Support for passwords greater than 8 characters

In AIX 5.2 and 5.3(pre TL7), there has been a 8 character password limitation when using the one-way hash function crypt().
AIX 5.3 TL7 and AIX 6.1 introduce Loadable Password Algorithm (LPA).
Each supported password encryption algorithm is implemented as a LPA load
module that is loaded at runtime when the algorithm is needed. The supported LPAs, and its attributes, are defined in system configuration file
/etc/security/pwdalg.cfg.
----------------------------------------------------------------------------------
the different algorithms are
MD5---------------->255
SHA1--------------->255
SHA265------------->255
SHA512------------->255
Blowfish----------->72
--------------------------------------------------------------------------------
NOTE: Without the pwd_algorithm entry in /etc/security/login, the default value is
"crypt" which is the legacy crypt() function.
----------------------------------------------------------------------------------
Applying one of the new passwd hashing algorithms

To select a different LPA, the system administrator can either use the chsec command or manually edit the /etc/security/login.cfg file.

Using chsec command
Use the following chsec command to set "smd5" LPA as the system wide
password encryption module:
chsec -f /etc/security/login.cfg -s usw -a pwd_algorithm=smd5

When using the chsec command to modify the pwd_algorithm attribute, the command checks the /etc/security/pwdalg.cfg to verify the chosen LPA. The command fails if the check are failed.

Using editor
When administrator manually changes the pwd_algorithm attribute value in
/etc/security/login.cfg using an editor, please make sure that the chosen value is a name of a stanza that is defined in /etc/security/pwdalg.cfg file.

Comments

Post a Comment

Popular posts from this blog

Installing and configuring the storage agent (AIX)

The storage agent must be installed on a client system that has connections to storage resources on the SAN. Before beginning this procedure: Verify that your system meets the hardware and software requirements. Be sure that you have the information recorded in the configuration-information work sheets. Close all existing Tivoli® Storage Manager products prior to installing the storage agent. Installation will stop if an active Tivoli Storage Manager process is detected. If this occurs, close all active Tivoli Storage Manager products and retry installing the storage agent. The storage agent honors the Tivoli Storage Manager server environment variables DSMSERV_CONFIG. The instructions in this section are shown using the Software Management and Installation Tool (SMIT). You can also use the Install and Update Software Manager (installm). To reduce workload and processing time and to optimize LAN-free performance, do not install the storage agent and the Tivoli Storag
Read more

Breaking mirrors on an existing mksysb

To restore a mksysb without mirroring. the following procedure can be used NOTE: Access to another AIX system and an AIX formatted diskette is required to perform this procedure.  All references to the tape device in the next section are as rmt0. On another AIX system, place the mksysb tape in the tape drive. Change the block size of the tape drive to 512 by running: chdev -l rmt0 -a block_size=512   Create a temporary directory in /tmp called newdata .   mkdir /tmp/newdata Change to the /tmp/newdata directory. Enter:   cd /tmp/newdata    Make sure that the tape is rewound. Enter: tctl -f /dev/rmt0 rewind    Restore the image.data file from the second image of the mksysb tape. Enter: restore -s2 -xqvf /dev/rmt0.1 ./image.data    Edit the /tmp/newdata/image.data file and make changes to each of the lv_data stanzas as in
Read more

Move a file system to another volume group

How to move FS to anotherVG UNMOUNT fs Copy the source logical volume to the desired volume group with the cplv command. For example, where myvg is the new volume group and mylv is the name of the user's logical volume, enter:        cplv -v myvg mylv This will return the name of the new logical volume, such as lv00. 2- To make a new JFS log, enter the following command, where myvg is the name of the new volume group, enter:        mklv -t jfslog  myvg 1 To make a new JFS2 log, enter:      mklv -t jfs2log  myvg 1 ** This new logical volume will need to be formatted with the logform command in order to function properly as either a JFS or JFS2 log. For example:        logform /dev/loglv00 Answer yes to destroy. 3-Change the filesystem to reference a log device that exists in the new volume group and the new logical volume with the chfs command. For example, where myfilesystem is the name of the user's filesystem, enter:        chfs -a dev=/dev/lv00 -a log=/dev/loglv00 /myf
Read more