
If LDAP authentication is required on AIX, SSL must be used between LDAP clients and the LDAP servers to protect the integrity of remote access sessions.


Overview

Finding ID: V-91461
Version: AIX7-00-001104
Rule ID: SV-101559r1_rule
IA Controls: (none)
Severity: Medium
Description
If LDAP authentication is used, SSL must be used between LDAP clients and the LDAP servers to protect the integrity of remote access sessions.
STIG: IBM AIX 7.x Security Technical Implementation Guide
Date: 2019-04-29

Details

Check Text ( C-90615r5_chk )
Run the following command to check if ldap_auth is used:

# grep -iE "^authtype:[[:blank:]]*ldap_auth" /etc/security/ldap/ldap.cfg

If the command has no output, this is Not Applicable.

Run the following command to check if SSL is used:

# grep -iE "^useSSL:[[:blank:]]*yes" /etc/security/ldap/ldap.cfg
useSSL:yes

If the command has no output, this is a finding.
Fix Text (F-97659r1_fix)
Configure the LDAP client on AIX to use SSL.

Edit /etc/security/ldap/ldap.cfg to have the following line:
useSSL:yes

Restart the client daemon:
# secldapclntd