Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
IF LDAP is used, AIX LDAP client must use SSL to authenticate with LDAP server.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-215204 | AIX7-00-001045 | SV-215204r877396_rule | High |
| Description |
|---|
| While LDAP client's authentication type is ldap_auth (server-side authentication), the client sends password to the server in clear text for authentication. SSL must be used in this case. |
| STIG | Date |
|---|---|
| IBM AIX 7.x Security Technical Implementation Guide | 2023-02-13 |
Details
| Check Text ( C-16402r294063_chk ) |
|---|
| Run the following command to check if "authtype" is "ldap_auth": # grep -iE "^authtype:[[:blank:]]*ldap_auth" /etc/security/ldap/ldap.cfg The above command should yield the following output: authtype:ldap_auth Run the following command to check if SSL is not used in the "/etc/security/ldap/ldap.cfg" file: # grep -iE "^useSSL:[[:blank:]]*yes" /etc/security/ldap/ldap.cfg The above command should yield the following output: useSSL:yes If the first command displays "authtype:ldap_auth" but the second command does not display "useSSL:yes", this is a finding. |
| Fix Text (F-16400r294064_fix) |
|---|
| Edit the "/etc/security/ldap/ldap.cfg" file to have the following line: useSSL:yes Configure the LDAP server and LDAP client to use the SSL according to AIX LDAP documentation. Restart the client daemon: # restart-secldapclntd |