Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
If LDAP authentication is required on AIX, SSL must be used between LDAP clients and the LDAP servers to protect the integrity of remote access sessions.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-91461 | AIX7-00-001104 | SV-101559r1_rule | Medium |
| Description |
|---|
| If LDAP authentication is used, SSL must be used between LDAP clients and the LDAP servers to protect the integrity of remote access sessions. |
| STIG | Date |
|---|---|
| IBM AIX 7.x Security Technical Implementation Guide | 2019-04-29 |
Details
| Check Text ( C-90615r5_chk ) |
|---|
| Run the following command to check if ldap_auth is used: # grep -iE "^authtype:[[:blank:]]*ldap_auth" /etc/security/ldap/ldap.cfg If the command has no output, this is Not Applicable. Run the following command to check if SSL is used: # grep -iE "^useSSL:[[:blank:]]*yes" /etc/security/ldap/ldap.cfg useSSL:yes If the command has no output, this is a finding. |
| Fix Text (F-97659r1_fix) |
|---|
| Configure the LDAP client on AIX to use the SSL. Edit /etc/security/ldap/ldap.cfg to have the following line: useSSL:yes Restart the client daemon: # secldapclntd. |