Logins fail when ftp'ing using local ID. If a password is due to expire when ftp'ing you may see a message that the password is due to expire and then be denined access (example below). A telnet session shows that the password will expire and still allows the user to login. Removing VAS and setting login.cfg to LAM resolves the issue. There isn't an ftp problem for warning pw expired with vas v18.104.22.168 on AIX 5.3 TL11. The problem starts when AIX is on 5.3 TL12.
Issue is with IBM AIX 5.3 TL12 code and the way it works with PAM.
IBM has acknowledged a problem with there code and that it needs to be fixed.
Don't use TL12 or use LAM instead of PAM.