Upgrading AIX 6.1 toTL02-03 or TL02-04 causes authentication to stop/fail.
The problem is caused during the application of TL02-03 or TL02-04for AIX 6.1. IBM replaces the methods.cfg file with a default version, causing any changes to this file to be lost. This will effectively result in any, previously configured, 3rd party authentication to fail(which includes QAS). This default methods.cfg has been identified in the following fileset from the upgrade:
# lslpp -w /etc/methods.cfg
File Fileset Type
----------------------------------------------------------------------------
/etc/methods.cfg bos.rte.security File
# lslpp -L bos.rte.security
Fileset Level State Type Description (Uninstaller)
----------------------------------------------------------------------------
bos.rte.security 6.1.2.3 C F Base Security Function
In this update, IBM replaced /usr/lib/security/methods.cfg with a symlink to a new file, /etc/methods.cfg. The issue arises because this new file is the default, and does not contain the machines previous configuration. Since QAS is still in /etc/security/user, the machine now has an invalid LAM configuration, and that can deny login of ALL users.
Before upgrading back up your existing /usr/lib/security/methods.cfg so it can be restored.
# cp /usr/lib/security/methods.cfg /etc/methods.cfg.bak
Once you have applied TL02-03 or TL02-04for 6.1 you must copy your backed up methods.cfg to the new locationin order for QAS authentication to be restored.
# cp /etc/methods.cfg.bak /etc/methods.cfg
If you have a basic installation you may also run the following after the upgrade to have QAS reconfigure the methods.cfg for you.
# vastool configure irs
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center