Detections
Analytics
AIX7-00-001045 - IF LDAP is used, AIX LDAP client must use SSL to authenticate with LDAP server.
Warning! Audit Deprecated
This audit has been deprecated and will be removed in a future update.
View Next Audit VersionInformation
While LDAP client's authentication type is ldap_auth (server-side authentication), the client sends password to the server in clear text for authentication. SSL must be used in this case.Solution
Edit the '/etc/security/ldap/ldap.cfg' file to have the following line:useSSL:yes
Configure the LDAP server and LDAP client to use the SSL according to AIX LDAP documentation.
Restart the client daemon:
# restart-secldapclntd
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_IBM_AIX_7-x_V2R8_STIG.zip
Item Details
Audit Name: DISA STIG AIX 7.x v2r8
References: CAT|I, CCI|CCI-000197, Rule-ID|SV-215204r877396_rule, STIG-ID|AIX7-00-001045, STIG-Legacy|SV-101395, STIG-Legacy|V-91297, Vuln-ID|V-215204
Plugin: Unix
Control ID: 2ba3106d37816bf2bbe3ce8502cf0d5e90ef3588f5e8dd719332691d95ff0eaa