IBM PowerSC MFA requirements
This section describes the hardware and software requirements for installing IBM® PowerSC MFA.
Software requirements
You can install the IBM
PowerSC MFA components as described in
Table 1.
| Component | Location of Installation |
|---|---|
| IBM PowerSC MFA server and GUI components | Separate LPAR or VM that is running AIX® 7.1 with Technology Level 5 or later, or AIX 7.2 with Technology Level 2 or
later. The security.pkcs11 fileset is an installation prerequisite. |
| IBM PowerSC MFA PAM modules | Every AIX operating system, Virtual I/O Server
(VIOS), Red Hat Enterprise Linux Server, or SUSE Linux Enterprise Server for which you want to use IBM
PowerSC MFA for authentication. The AIX operating system must be at the following versions:
The Virtual I/O Server version must be at the following version:
The Red Hat Enterprise Linux Server must be at the
following versions:
The SUSE Linux Enterprise Server must be at the
following versions:
|
| IBM PowerSC MFA pam_pkcs11 PAM module. | An AIX system to which the user's smart
card reader is directly attached to a USB port, running AIX
7.1 Technology Level 5 SP1 or AIX 7.2 Technology Level 2
SP1. Select the appropriate link to download the interim fix (iFix) for the version of the AIX operating system:
In addition, for AIX 7.2 Technology Level 2 SP1, also download the interim fix (iFix) for xlock: http://aix.software.ibm.com/aix/ifixes/ij04454/IJ04453s0a.AIX72TL00.180228.epkg.Z The bos.ahafs file set is required. The IBM PowerSC MFA installation creates the /aha directory, and mounts the AHAFS file system on it. |
Hardware requirements for in-band PIV/CAC authentication type
IBM
PowerSC MFA has been tested with the tokens, readers, and
cards shown in Table 2. Other hardware
components might also work, but have not been tested.
| Component | Model |
|---|---|
| Authentication token | Yubikey 4 |
| Smart card readers |
|
| Keyboard embedded smart card readers | ACS ACR38K-E1 |
| Smart cards |
|