As usual for these blog entries, this one will not describe the topic in detail but rather point by point.
Find below some information about LDAP and Kerberos in an AIX environment:
For LDAP authentication you need to edit /etc/security/user and check
auth1: SYSTEM OR LDAP
– auth_method LDAP/SYSTEM (or any other 3rd party)
– a user definition can be altered to authenticate with 2 methods by adding an “AND” to the auth_methods
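As an added example (not from the original post), a small POSIX sh helper that parses a constructed /etc/security/user-style stanza file and reports which users authenticate through LDAP and whether both methods are required (an “AND” in the method list). The user names and attribute values in the sample are constructed for illustration; attribute lines are indented as in the real stanza format.

```shell
#!/bin/sh
# Constructed sample in the stanza format of /etc/security/user (not from a real system).
SAMPLE_USER_FILE="${TMPDIR:-/tmp}/security_user_sample.$$"
cat > "$SAMPLE_USER_FILE" <<'EOF'
default:
        admin = false
        SYSTEM = "compat"

root:
        admin = true
        SYSTEM = "compat"

alice:
        SYSTEM = "LDAP OR compat"

bob:
        SYSTEM = "LDAP AND compat"
        auth1 = SYSTEM
EOF

# auth_setting FILE USER ATTR: print ATTR from USER's stanza, falling back to the default stanza.
auth_setting() {
    awk -v u="$2" -v a="$3" '
        /^[^ \t]+:[ \t]*$/ { s = $0; sub(/:.*/, "", s); next }   # new stanza header
        /^[ \t]/ {
            line = $0; sub(/^[ \t]+/, "", line)
            n = index(line, "=")
            if (n == 0) next
            k = substr(line, 1, n - 1); v = substr(line, n + 1)
            gsub(/[ \t]/, "", k); sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v); gsub(/"/, "", v)
            if (k == a) { if (s == u) found = v; else if (s == "default") def = v }
        }
        END { print (found != "" ? found : def) }
    ' "$1"
}

# ldap_users FILE: list users whose effective SYSTEM setting involves LDAP and
# whether the second method is a fallback (OR) or also required (AND).
ldap_users() {
    awk '/^[^ \t]+:[ \t]*$/ && $0 !~ /^default:/ { sub(/:.*/, ""); print }' "$1" |
    while read -r u; do
        sys=$(auth_setting "$1" "$u" SYSTEM)
        case "$sys" in
            *LDAP*AND*|*AND*LDAP*) echo "$u both-required" ;;
            *LDAP*)                echo "$u ldap-or-fallback" ;;
        esac
    done
}
```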
With LDAP configuration files like
can be read from the LDAP server (be aware that a 2-way LDAP server should be in place if you use this)
It is highly recommended to encrypt passwords (root has a clear-text view of them) and the general LDAP traffic:
– client-side user authentication via SSL/TLS encryption
2 LDAP servers should be implemented in an environment, depending on which services are being kept on the LDAP server.
1 user login to an AIX system means 1 open socket (1024 sockets by default per AIX system; the open-files limit includes sockets).
The default cache timeout of LDAP queries is 5 minutes. It can be flushed with secldapclntd.