-
Title
Upgrading AIX 6.1 maintenance level to TL02-03 or TL02-04 causes machine to fail authentication -
Description
Upgrading AIX 6.1 toTL02-03 or TL02-04 causes authentication to stop/fail.
-
Cause
The problem is caused during the application of TL02-03 or TL02-04for AIX 6.1. IBM replaces the methods.cfg file with a default version, causing any changes to this file to be lost. This will effectively result in any, previously configured, 3rd party authentication to fail(which includes QAS). This default methods.cfg has been identified in the following fileset from the upgrade:
# lslpp -w /etc/methods.cfg
File Fileset Type
----------------------------------------------------------------------------
/etc/methods.cfg bos.rte.security File
# lslpp -L bos.rte.security
Fileset Level State Type Description (Uninstaller)
----------------------------------------------------------------------------
bos.rte.security 6.1.2.3 C F Base Security FunctionIn this update, IBM replaced /usr/lib/security/methods.cfg with a symlink to a new file, /etc/methods.cfg. The issue arises because this new file is the default, and does not contain the machines previous configuration. Since QAS is still in /etc/security/user, the machine now has an invalid LAM configuration, and that can deny login of ALL users.
-
Resolution
Before upgrading back up your existing /usr/lib/security/methods.cfg so it can be restored.
# cp /usr/lib/security/methods.cfg /etc/methods.cfg.bak
Once you have applied TL02-03 or TL02-04for 6.1 you must copy your backed up methods.cfg to the new locationin order for QAS authentication to be restored.
# cp /etc/methods.cfg.bak /etc/methods.cfg
If you have a basic installation you may also run the following after the upgrade to have QAS reconfigure the methods.cfg for you.
# vastool configure irs