APAR status
Closed as program error.
Error description
On systems using Loadable Password Algorithm Model (LSHA) in pwdalg.cfg, running the "pwdck" command returns an error for corresponding LSHA password entries in /etc/security/passwd.

Here are two examples of entries in pwdalg.cfg for which running "pwdck" returns invalid results:

5:
        lpa_module = /usr/lib/security/lsha
        lpa_options = algorithm=sha256,prefix_dollar,rounds=656000,salt_len=16

6:
        lpa_module = /usr/lib/security/lsha
        lpa_options = algorithm=sha512,prefix_dollar,rounds=656000,salt_len=16

"pwdck" output:

The user "XX" has an invalid password attribute.
Bad line found in /etc/security/passwd:
" password = $6$rounds=656000$<..encrypted passwd..>"

Running "pwdck -y" erroneously removes the entire attribute line from /etc/security/passwd due to an additional "=" character on the line.
Local fix
Problem summary
On systems using Loadable Password Algorithm Model (LSHA) in pwdalg.cfg, running the "pwdck" command returns an error for corresponding LSHA password entries in /etc/security/passwd.

Here are two examples of entries in pwdalg.cfg for which running "pwdck" returns invalid results:

5:
        lpa_module = /usr/lib/security/lsha
        lpa_options = algorithm=sha256,prefix_dollar,rounds=656000,salt_len=16

6:
        lpa_module = /usr/lib/security/lsha
        lpa_options = algorithm=sha512,prefix_dollar,rounds=656000,salt_len=16

"pwdck" output:

The user "XX" has an invalid password attribute.
Bad line found in /etc/security/passwd:
" password = $6$rounds=656000$<..encrypted passwd..>"

Running "pwdck -y" erroneously removes the entire attribute line from /etc/security/passwd due to an additional "=" character on the line.
Problem conclusion
Modify pwdck to allow for LSHA password entries in /etc/security/passwd that have two "=" characters, such as:

        password = $5$rounds=656000$<..encrypted_password..>
        password = $6$rounds=656000$<..encrypted_password..>
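
A read-only check, added here as an example and not IBM code, that lists the accounts whose password value contains a second "=" character, which are the entries an unfixed pwdck reports as bad lines and "pwdck -y" removes. The function names, the sample data and the assumed stanza layout ("user:" header followed by indented "attr = value" lines) are this example's own.

```shell
#!/bin/sh
# Added example (not IBM code): list users whose "password" attribute value
# itself contains "=", e.g. "$6$rounds=656000$...".
# Assumption: stanza layout is "user:" followed by indented "attr = value" lines.

lsha_rounds_users() {
    # $1: path to a file in /etc/security/passwd stanza format (read only)
    awk '
        /^[^ \t#*][^ \t]*:[ \t]*$/ {          # stanza header: "username:"
            user = $1
            sub(/:$/, "", user)
            next
        }
        /^[ \t]+password[ \t]*=/ {
            value = $0
            sub(/^[^=]*=[ \t]*/, "", value)   # split on the FIRST "=" only
            if (index(value, "=") > 0)        # a second "=" sits inside the value
                print user
        }
    ' "$1"
}

# Constructed sample data; salts and hash bodies are placeholders, not real hashes.
sample_passwd() {
    cat <<'EOF'
alice:
        password = $6$rounds=656000$SALTSALTSALTSALT$HASHPLACEHOLDER
        lastupdate = 1603324800
        flags =

bob:
        password = {ssha256}06$SALTSALTSALTSALT$HASHPLACEHOLDER
        lastupdate = 1603324800

carol:
        password = $5$rounds=656000$SALTSALTSALTSALT$HASHPLACEHOLDER
        lastupdate = 1603324800
EOF
}

# Stand-alone use: pass the file to inspect as the first argument.
if [ "$#" -gt 0 ]; then
    lsha_rounds_users "$1"
fi
```

Any user it prints has an entry of the form shown above; keeping a copy of /etc/security/passwd before running "pwdck -y" on a level without this fix preserves those lines.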
Temporary fix
Comments
APAR Information
APAR number
IJ28872
Reported component name
AIX V7.2
Reported component ID
5765CD200
Reported release
720
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Submitted date
2020-10-22
Closed date
2021-05-03
Last modified date
2022-02-03
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
AIX V7.2
Fixed component ID
5765CD200
Applicable component levels
Document Information
Modified date:
03 February 2022