IBM Support

IJ40842: AIX PAM SUPPORT

A fix is available

IBM Tivoli Monitoring 6.3.0 Fix Pack 7 Service Pack 13 (6.3.0.7-TIV-ITM-SP0013)

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as new function.

Error description

  • *************************** APAR Template
*****************************



Please open an apar with the following severity and
information:

Severity:    4


Approver:   RL





Enter the L2 engineer who did the recreate or "None":


L2 engineer: None

Compid:      5724C04MS Tivoli Enterprise Management Server


Abstract:    AIX PAM support




Environment:


 AIX 7.X
 ITM 630 FP7
 Do you think the latest patch applied is involved? No


Problem Description:


Enhancement to IBM Tivoli Monitoring Server to support
Pluggable Authententication Module  (PAM) on AIX.
Detailed Recreation Procedure:


 Currently the IBM Tivoli Monitoring Server does not use PAM for
user authentication on AIX.

 So altering the contents of the /etc/security/login.cfg file
for auth_type from STD_AUTH to PAM_AUTH

does not impact the authentication of tacmd users.  LAM, the
default, authentication for AIX is still used.

Related Files and Output:







************************ End of APAR Template
*************************

Local fix

  • 



Problem summary


    

  • Enable AIX PAM support for the TEMS

    



Problem conclusion


    

  • If PAM is enabled on AIX, allow the TEMS to use its services if
the TEMS' configuration file environment variable
KDS_VALIDATE_EXT is present.  Additionally, independent of the
TEMS' configuration setting of KDS_VALIDATE_EXT , the TEMS will
now enforce the Operating System's user policy regarding
repeated failed login requests.

Note: Before enabling ITM to use PAM authentication it is
recommended that you leave an additional login window open with
root access until you verify that ITM with PAM authentication is
working properly.  If PAM is not configured correctly you will
not be able to log into the machine to correct the configuration
problem until you boot the machine into maintenance mode and
change /etc/security/login.cfg back to its original state.


The fix for this APAR is contained in the following maintenance
packages:

   | service pack | 6.3.0.7-TIV-ITM-SP0013

    



Temporary fix


    

  • N/A

    



Comments


    

  • 



APAR Information




    

  • APAR number
    IJ40842
    • 

  • Reported component name
    TEMS
    • 

  • Reported component ID
    5724C04MS
    • 

  • Reported release
    630
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2022-06-24
    • 

  • Closed date
    2022-10-04
    • 

  • Last modified date
    2022-10-04
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    TEMS
    • 

  • Fixed component ID
    5724C04MS
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTFXA","label":"Tivoli Monitoring"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"630","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            08 March 2023
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback