login about faq

For an LPAR running AIX 7.1 TL0 SP3 and Tectia (6.0.18 or 6.2.0), if you try to set up a private/public key pair for a functional account and connect into the LPAR, this fails if the account has no password set i.e. if the shadow field for the functional account (in file /etc/security/passwd) has a line: "password = *"

However, iff the LPAR is running AIX 7.1 TL0 SP2 the public key authentication works for with that same use case.

Why?

asked Sep 27 '11 at 16:10

SSH%20KB's gravatar image

SSH KB ♦
509250247238


The reason seems to be a bug/regression in AIX operating system´s 5.3, 6.1 and 7.1.

It is described in this APAR: https://www-304.ibm.com/support/docview.wss?uid=isg1IV03655

"passwdexpired() function return value has been changed. In AIX 5.3,6.1 and 7.1 releases, passwdexpired function returns zero, and in AIX 5.2 it returns non-zero value when password is set to *."

Problem conclusion: A new attribute "unix_passwd_compat" has been introduced under user configuration stanza (usw) in /etc/security/login.cfg file. When this attribute is set as "true", passwdexpired() function returns non-zero value, compatible with other UNIX and AIX 5.2, when user password is set to "" in /etc/security/passwd file. When this attribute is set to false (default value), passwdexpired() function returns 0 if the password value is "" for the user in the /etc/security/passwd file. Valid values are "true" or "false"."

link

answered Sep 27 '11 at 16:13

bca's gravatar image

bca
4691012

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×54
×9

Asked: Sep 27 '11 at 16:10

Seen: 7,767 times

Last updated: Sep 27 '11 at 16:13

All user contributed content licensed under the cc-by-sa license.
Powered by OSQA.