
If LDAP is used, AIX LDAP client must use SSL to authenticate with LDAP server.


Overview

Finding ID: V-91297
Version: AIX7-00-001045
Rule ID: SV-101395r1_rule
IA Controls:
Severity: High
Description
When the LDAP client's authentication type is ldap_auth (server-side authentication), the client sends the password to the server in clear text for authentication. SSL must be used in this case.
STIG: IBM AIX 7.x Security Technical Implementation Guide
Date: 2019-04-29

Details

Check Text (C-90451r1_chk)
Run the following command to check if "authtype" is "ldap_auth":
# grep -iE "^authtype:[[:blank:]]*ldap_auth" /etc/security/ldap/ldap.cfg

The above command should yield the following output:
authtype:ldap_auth

Run the following command to check whether SSL is enabled in the "/etc/security/ldap/ldap.cfg" file:
# grep -iE "^useSSL:[[:blank:]]*yes" /etc/security/ldap/ldap.cfg

The above command should yield the following output:
useSSL:yes

If the first command displays "authtype:ldap_auth" but the second command does not display "useSSL:yes", this is a finding.
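
The two checks above combined into a single verdict, as an added example that is not part of the STIG text. The helper name check_ldap_ssl and the sample configuration files are constructed for illustration; the "unix_auth" value in one sample stands in for any setting other than ldap_auth.

```shell
#!/bin/sh
# Added example: the two grep checks from the Check Text combined into one verdict.
# check_ldap_ssl is a hypothetical helper name, not an AIX command.

check_ldap_ssl() {
    cfg="${1:-/etc/security/ldap/ldap.cfg}"
    if [ ! -r "$cfg" ]; then
        echo "cannot read $cfg" >&2
        return 2
    fi
    # Check 1: the rule applies only with server-side authentication (ldap_auth).
    if ! grep -qiE "^authtype:[[:blank:]]*ldap_auth" "$cfg"; then
        echo "NOT_APPLICABLE"
        return 0
    fi
    # Check 2: an active (uncommented) useSSL:yes line must be present.
    if grep -qiE "^useSSL:[[:blank:]]*yes" "$cfg"; then
        echo "NOT_A_FINDING"
        return 0
    fi
    echo "FINDING"
    return 1
}

# Constructed sample configurations (not taken from a real system).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf 'authtype:ldap_auth\nuseSSL:no\n'    > "$demo_dir/cleartext.cfg"
printf 'authtype: ldap_auth\nuseSSL: yes\n' > "$demo_dir/ssl.cfg"
printf 'authtype:ldap_auth\n#useSSL:yes\n'  > "$demo_dir/commented.cfg"
printf 'authtype:unix_auth\nuseSSL:no\n'    > "$demo_dir/unix_auth.cfg"

for f in "$demo_dir"/*.cfg; do
    # "|| true" keeps the loop going when a finding returns non-zero.
    verdict=$(check_ldap_ssl "$f") || true
    echo "$(basename "$f"): $verdict"
done
```

The commented-out "#useSSL:yes" sample is reported as a finding because both patterns are anchored at the start of the line.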
Fix Text (F-97495r1_fix)
Edit the "/etc/security/ldap/ldap.cfg" file to have the following line:
useSSL:yes

Configure the LDAP server and LDAP client to use SSL according to the AIX LDAP documentation.

Restart the client daemon:
# restart-secldapclntd