Problem (Abstract)
When configuring IDS to use LPA (ssha1, ssha256, sblowfish, smd5, etc.), you get -951/-952 errors on AIX.
Cause
The underlying problem is that, with the default settings on AIX, only root can read the LPA mapping config file. The crypt() function in IDS runs on a CPU VP, which is non-root, and AIX requires it to run as root when LPA is used. A workaround is to use PAM, which uses an MSC VP for authentication.
Resolving the problem
Use PAM to configure LPA on AIX
The following example steps set it up:
1) Add to /etc/pam.conf:
idslogin auth required pam_aix
idslogin account required pam_aix
2) Define DBSERVERALIAS ids_pam_srv
3) Add to SQLHOSTS (a single line):
ids_pam_srv onsoctcp <host> <port> s=4,pam_serv=idslogin,pamauth=password
Don't forget to add an appropriate entry to /etc/services (if needed).
4) Check /etc/security/login.cfg for:
auth_type = STD_AUTH
pwd_algorithm = sblowfish
5) Final IDS check:
bash-3.2$ dbaccess - -
> connect to "test@ids_pam_srv" user "tester";
ENTER PASSWORD:
Connected.
http://www-01.ibm.com/support/docview.wss?uid=swg21624912