When attempting to log in with a QAS user, one of following errors is seen: "Cannot set process credentials"
Failed to set process credentials (might be be seen in sshd debug)
3004-010 Failed setting terminal ownership and mode.
This is typically due to the account's Primary GID (PGID) not being resolvable to a name.
From AIX 3.5 ML05 onwards, the OS will not permit an interactive log in to an account with a non-resolvable PGID.
This can also be caused by group names with spaces in them or other special characters that AIX does not accept. As well long group names that exceed the 'max_logname' value.
Ensure that the PGID selected for the Unix-enabled user(s) is resolvable to a name.
This could imply that you change the PGID for a user, or you could create a new group for the GID.
/opt/quest/bin/vastool nss getgrnam <group name>
Change the group or use the group-override option so that it complies with AIX character length restrictions.
1 - chdev -l sys0 -a max_logname=21
2 - reboot
This can also be caused when the max logname value is equal to or lower than the group name. This can be checked with this command.
# lsattr -El sys0 -a max_logname
This will report the current maximum login name length set at boot time, e.g. "max_logname 9 Maximum login name length at boot time True"
To increase the OS limit in AIX you can run the following command:-
# chdev -l sys0 -a max_logname=21
For this change to take effect the system must be rebooted.