Transparent LDAP-based authentication, Kerberos authentication and group lookup are supported on AIX®.
The following is what needs to be included in /usr/lib/security/methods.cfg and /etc/security/users when there is a need to manage accounts in different locations and use different authentication methods, such as Kerberos.
program = /usr/lib/security/LDAP
program_64 =/usr/lib/security/LDAP64
program = /usr/lib/security/KRB5A
program_64 = /usr/lib/security/KRB5A_64
options = tgt_verify=no,authonly,is_kadmind_compat=no
program = /usr/lib/security/KRB5
program_64 = /usr/lib/security/KRB5_64
options = kadmind=no
options = db=BUILTIN,auth=KRB5A
options = db=BUILTIN,auth=KRB5
options = db=LDAP,auth=KRB5A
options = db=LDAP,auth=KRB5
The following example shows four accounts managed differently. Each uses different authentication methods.
frank:
SYSTEM = files
registry = files
karen:
SYSTEM = KRB5files
registry = KRB5files
luke:
SYSTEM = KRB5LDAP
registry = KRB5LDAP
lucy:
SYSTEM = LDAP
registry = LDAP
$ lsuser -R LDAP lucy
lucy id=1234 pgrp=staff groups=staff home=/home/lucy shell=/bin/ksh registry=LDAP