LPA Enhanced Security: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
| Line 4: | Line 4: | ||
# Information for the <tt>'''pwd_algorithm'''</tt> attribute is contained in <tt>'''/etc/security/pwdalg.cfg'''</tt> file. | # Information for the <tt>'''pwd_algorithm'''</tt> attribute is contained in <tt>'''/etc/security/pwdalg.cfg'''</tt> file. | ||
# Add the LPA <tt>'''pwd_algorithm'''</tt> to the <tt>'''usw'''</tt> stanza in <tt>'''/etc/security/login.cfg'''</tt> | # Add the LPA <tt>'''pwd_algorithm'''</tt> to the <tt>'''usw'''</tt> stanza in <tt>'''/etc/security/login.cfg'''</tt> | ||
# | #: <tt>'''# chsec -f /etc/security/login.cfg -s usw -a pwd_algorithm=[ smb5 | ssha1 | ssha256 | ssha512 | sblowfish ]'''</tt> | ||
# To activate the LPA the user must login and change their password. | # To activate the LPA the user must login and change their password. | ||
Latest revision as of 21:06, 13 December 2017
Enabling LPA
LPA is a security enhancement to user password generation. Typically AIX only allows passwords that are at a max 8 characters in length. LPA extends the password length up to 255 characters. The table below describes the different algorithms and how they generate their hashes.
- Information for the pwd_algorithm attribute is contained in /etc/security/pwdalg.cfg file.
- Add the LPA pwd_algorithm to the usw stanza in /etc/security/login.cfg
- # chsec -f /etc/security/login.cfg -s usw -a pwd_algorithm=[ smb5 | ssha1 | ssha256 | ssha512 | sblowfish ]
- To activate the LPA the user must login and change their password.