LPA Enhanced Security

From UNIX Systems Administration

Enabling LPA

LPA (Loadable Password Algorithm) is a security enhancement to user password generation. Typically AIX only allows passwords that are at most 8 characters in length. LPA extends the password length up to 255 characters. The table below describes the different algorithms and how they generate their hashes.

  1. Information for the pwd_algorithm attribute is contained in the /etc/security/pwdalg.cfg file.
  2. Add the LPA pwd_algorithm to the usw stanza in /etc/security/login.cfg:
    # chsec -f /etc/security/login.cfg -s usw -a pwd_algorithm=[ smd5 | ssha1 | ssha256 | ssha512 | sblowfish ]
  3. To activate the LPA, the user must log in and change their password.
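
Because step 3 only takes effect per user at the next password change, accounts keep their old 8-character hash until then. The script below is an added example, not part of the original page: it lists which accounts in a stanza file laid out like /etc/security/passwd still hold a legacy hash. It assumes LPA hashes are stored with a leading `{algorithm}` tag and legacy hashes have none; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which accounts have moved to an LPA hash.
# Assumption: an LPA hash starts with "{algorithm}" (e.g. {ssha256});
# a legacy crypt hash has no such prefix.

# audit_lpa [FILE] -> one line per account: "<user> <algorithm|legacy>"
# Reads standard input when no file is given.
audit_lpa() {
    awk '
        # Stanza header: starts in column 1 and ends with a colon.
        /^[^ \t].*:[ \t]*$/ { user = $1; sub(/:$/, "", user); next }
        $1 == "password" && $2 == "=" {
            hash = $3
            if (hash == "" || hash == "*") next   # no usable password set
            if (match(hash, /^[{][a-z0-9]+[}]/))
                print user, substr(hash, 2, RLENGTH - 2)
            else
                print user, "legacy"
        }
    ' "$@"
}

# legacy_users [FILE] -> names of accounts that still need a password change
legacy_users() { audit_lpa "$@" | awk '$2 == "legacy" { print $1 }'; }

# Constructed sample in /etc/security/passwd layout (placeholder hashes).
sample_passwd() {
cat <<'EOF'
root:
        password = {ssha256}06$CONSTRUCTEDSALT$CONSTRUCTEDHASH
        lastupdate = 1700000000

alice:
        password = CONSTRUCTED13
        lastupdate = 1600000000

bob:
        password = {smd5}CONSTRUCTEDSALT$CONSTRUCTEDHASH

svc:
        password = *
EOF
}

sample_passwd | audit_lpa
```

On a live system, run `audit_lpa /etc/security/passwd` as root; any account reported as `legacy` has not changed its password since LPA was enabled.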

Further Reading

  1. Does AIX support passwords longer than 8 characters?