This article applies to BoKS Manager 6.7.0, 6.7.1 and 7.0.0.
IBM has added support for a Linux-compatible SHA512 password hashing algorithm on AIX 7.1 and 6.1. However, as this was not originally supported, BoKS does not support it on these platforms.
Resolution / Workaround
Apply hotfix HFBM-0120 for BoKS Manager 6.7 and HFBM-0121 for BoKS 7.0. These are available for download from the HelpSystems Community Portal.
These hotfixes add support for the Linux-compatible SHA512 password hashing algorithm on AIX 6.1, and 7.1.
NOTE: If any passwords in /etc/security/passwd are already in the Linux-compatible SHA512 password hash format (they start with $6$), this hotfix must be installed before running $BOKS_sbin/setup, otherwise setup will complain that there are unsupported password hashing algorithms present.
If this hotfix is installed after BoKS has been set up, you must restart BoKS (using Boot) so the newly-installed boks_clntd_helper is running.
If the AIX support for the Linux-compatible SHA512 password hashing algorithm has been installed, you must run:
chsec -f /etc/security/login.cfg -s usw -a pwd_algorithm=6
to enable it and make BoKS store password hashes in this format. You can check if it is enabled using:
lssec -f /etc/security/login.cfg -s usw -a pwd_algorithm
this command should return usw pwd_algorithm=6 if the algorithm is enabled.
The following TL are required for SHA512 support on AIX:
AIX 6.1 requires TL 6100-09-07-1614
AIX 7.1 requires TL 7100-04-00-0000
You must also apply the pwmod Licensed Program Product (LPP) package, which is available at: https://www.ibm.com/marketing/iwm/iwm/web/reg/pick.do?source=aixbp.
Additional instructions for getting LPA to run on AIX 6:
** Instructions on getting bos.rte.libc up to 184.108.40.206:
Make sure you have java installed and accessible in you web browser.
** Getting & installing Loadable Password Algorithm(LPA)
Still have questions? We can help. Submit a case to Technical Support.