Cannot Log Into AIX Server After Using Sepass

Article ID: 281503

Updated On: 12-01-2024

Products

CA Privileged Identity Management Endpoint (PIM)
CA Virtual Privilege Manager
CA Privileged Access Manager (PAM)
CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

The sepass utility was used to change a password on an AIX server, but the user cannot log in with the new password. Checking the passwd file before and after running sepass confirmed that the password was changed.

# awk '/pamscuser/{x=NR+2}(NR<=x){print}' /etc/security/passwd
pamscuser:
     password = {ssha512}06$ZfHP1.....
     lastupdate = 1711620180
# sepass
Enter pamscuser's old password:
Enter new password:
Verify new password:
Local password updated successfully.
# awk '/pamscuser/{x=NR+2}(NR<=x){print}' /etc/security/passwd
pamscuser:
     password = {ssha512}06$AdJB9.....
     lastupdate = 1712073414

Environment

Privileged Identity Manager, 12.8
PAM Server Control, 14.x

Cause

The password was changed, but it was not encrypted properly because the passwd_format token was set to NT in the seos.ini configuration file.

Resolution

Because this was an AIX endpoint, the passwd_format token should not be set. Commenting it out of seos.ini allowed sepass to encrypt the passwords properly.
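
A check for the condition described above, as an added example that is not part of the original article or the vendor's tooling: it reports any uncommented passwd_format token in a seos.ini file given as an argument. It assumes INI-style syntax with ';' or '#' comment lines; the function names and the sample file contents (including the [passwd] section name) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not vendor code. Assumes seos.ini uses INI syntax:
# [section] headers, "token = value" lines, and ';' or '#' comment lines.

# Print "line:section:value" for every active (uncommented) passwd_format
# token in the file. Exit status 0 if at least one is active, 1 if none.
active_passwd_format() {
    awk '
        /^[ \t]*[;#]/ { next }                 # commented-out line: ignore
        /^[ \t]*\[/ {                          # section header: remember it
            sect = $0
            gsub(/^[ \t]*\[|\][ \t\r]*$/, "", sect)
            next
        }
        /^[ \t]*passwd_format[ \t]*=/ {        # active token
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)
            sub(/[ \t\r]+$/, "", val)
            printf "%d:%s:%s\n", NR, sect, val
            found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Constructed sample files standing in for seos.ini before and after the fix.
demo() {
    dir=$(mktemp -d) || return 1
    printf '[passwd]\npasswd_format = NT\n'   > "$dir/before.ini"
    printf '[passwd]\n; passwd_format = NT\n' > "$dir/after.ini"
    for f in "$dir/before.ini" "$dir/after.ini"; do
        if hit=$(active_passwd_format "$f"); then
            echo "$f: passwd_format is set ($hit)"
        else
            echo "$f: passwd_format is not set"
        fi
    done
    rm -rf "$dir"
}

# With a file argument, check that file; with none, run the constructed demo.
if [ "$#" -gt 0 ]; then
    active_passwd_format "$1"
else
    demo
fi
```

Run it with the path to the endpoint's seos.ini as the only argument; an exit status of 0 on an AIX endpoint means the token is still active.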

Additional Information

For more information about the passwd_format and other password related seos.ini tokens, refer to the documentation link below.

passwd