LPA Enhanced Security

From UNIX Systems Administration

Enabling LPA

LPA is a security enhancement to user password generation. Typically, AIX only allows passwords of at most 8 characters. LPA extends the maximum password length to 255 characters. The table below describes the different algorithms and how they generate their hashes.

  1. Information for the pwd_algorithm attribute is contained in the /etc/security/pwdalg.cfg file.
  2. Add the LPA pwd_algorithm to the usw stanza in /etc/security/login.cfg:
    # chsec -f /etc/security/login.cfg -s usw -a pwd_algorithm=[ smd5 | ssha1 | ssha256 | ssha512 | sblowfish ]
  3. To activate LPA for an account, the user must log in and change their password.
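
Because step 3 only takes effect when each user changes their password, accounts that have not done so keep their old hash. The following is an added example (not part of the original page) that lists such accounts. It assumes that /etc/security/passwd uses "user:" stanzas with a "password = ..." line and that LPA hashes begin with an "{algorithm}" prefix; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: find accounts whose stored hash predates LPA.
# Assumptions (not stated on the page): /etc/security/passwd holds
# "user:" stanzas with a "password = <hash>" line, and LPA hashes
# start with "{algorithm}", e.g. {ssha256}. Legacy hashes have no prefix.

# lpa_audit FILE -> one "user<TAB>algorithm" line per stanza
lpa_audit() {
    awk '
        # Stanza header: starts in column 0, ends with ":" ("*" lines are comments)
        /^[^ \t*][^:]*:[ \t]*$/ {
            user = $0
            sub(/:[ \t]*$/, "", user)
            next
        }
        # The password attribute of the current stanza
        user != "" && $1 == "password" && $2 == "=" {
            hash = $3
            if (hash == "" || hash == "*")
                alg = "none"                       # no usable local password
            else if (match(hash, /^[{][^}]+[}]/))
                alg = substr(hash, 2, RLENGTH - 2) # text between the braces
            else
                alg = "crypt"                      # unprefixed legacy hash
            printf "%s\t%s\n", user, alg
            user = ""
        }
    ' "$1"
}

# lpa_legacy_users FILE -> accounts that still need a password change
lpa_legacy_users() {
    lpa_audit "$1" | awk -F '\t' '$2 == "crypt" { print $1 }'
}

# Constructed sample data; the hash strings are placeholders, not real hashes.
lpa_sample() {
    cat <<'EOF'
root:
        password = {ssha512}06$SALTSALTSALT$PLACEHOLDERHASH
        lastupdate = 1700000000

alice:
        password = abPLACEHOLDER
        lastupdate = 1500000000

svc:
        password = *
EOF
}
```

On a live system, run lpa_legacy_users /etc/security/passwd as root after defining the functions; any account it prints is still limited to its pre-LPA password until the next password change.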

Further Reading

  1. Does AIX support passwords longer than 8 characters?