Check: AIX7-00-001104
IBM AIX 7.x STIG: AIX7-00-001104 (in versions v2 r9 through v1 r1)
Title
If LDAP authentication is required on AIX, SSL must be used between LDAP clients and the LDAP servers to protect the integrity of remote access sessions. (Cat II impact)
Discussion
If LDAP authentication is used, SSL must be used between LDAP clients and the LDAP servers to protect the integrity of remote access sessions.
Check Content
Run the following command to check if ldap_auth is used:

    # grep -iE "^authtype:[[:blank:]]*ldap_auth" /etc/security/ldap/ldap.cfg

If the command has no output, this is Not Applicable.

Run the following command to check if SSL is used:

    # grep -iE "^useSSL:[[:blank:]]*yes" /etc/security/ldap/ldap.cfg
    useSSL:yes

If the command has no output, this is a finding.
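The check procedure above as a reusable script, added here as an example that is not part of the STIG text. The function name `check_ldap_ssl`, its verdict strings and return codes, and the sample configs are assumptions made for illustration; the two grep patterns are the ones the check gives. Unlike the manual check, it reports an unreadable file as an error instead of Not Applicable.

```shell
#!/bin/sh
# Added example: evaluate AIX7-00-001104 against an LDAP client config file.
# check_ldap_ssl is a hypothetical helper; the two grep patterns are the STIG's.

check_ldap_ssl() {
    cfg="${1:-/etc/security/ldap/ldap.cfg}"

    # Assumption: an unreadable file is reported as an error instead of
    # Not Applicable, so an unprivileged scan cannot mask a finding.
    if [ ! -r "$cfg" ]; then
        echo "ERROR"
        return 3
    fi

    # Step 1: the rule applies only when authtype is ldap_auth.
    if ! grep -qiE "^authtype:[[:blank:]]*ldap_auth" "$cfg"; then
        echo "NOT_APPLICABLE"
        return 2
    fi

    # Step 2: an active (uncommented) useSSL:yes line must be present.
    if grep -qiE "^useSSL:[[:blank:]]*yes" "$cfg"; then
        echo "NOT_A_FINDING"
        return 0
    fi

    echo "FINDING"
    return 1
}

# Constructed sample configs (not taken from a real system).
demo_dir=$(mktemp -d)
printf 'authtype:ldap_auth\nuseSSL:yes\n' > "$demo_dir/compliant.cfg"
printf 'authtype:ldap_auth\n#useSSL:yes\nuseSSL:no\n' > "$demo_dir/finding.cfg"
printf 'authtype:unix_auth\nuseSSL:no\n' > "$demo_dir/na.cfg"

for f in compliant finding na; do
    printf '%s: %s\n' "$f" "$(check_ldap_ssl "$demo_dir/$f.cfg")"
done
rm -rf "$demo_dir"
```

The commented-out `#useSSL:yes` line in the second sample does not satisfy the check, because both patterns are anchored to the start of the line.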
Fix Text
Configure the LDAP client on AIX to use SSL.

Edit /etc/security/ldap/ldap.cfg to have the following line:

    useSSL:yes

Restart the client daemon:

    # secldapclntd
Additional Identifiers
Rule ID: SV-215214r877394_rule
Vulnerability ID: V-215214
Group Title: SRG-OS-000250-GPOS-00093
CCIs
Number | Definition |
---|---|
CCI-001453 | The information system implements cryptographic mechanisms to protect the integrity of remote access sessions. |
Controls
Number | Title |
---|---|
AC-17 (2) | Protection Of Confidentiality / Integrity Using Encryption |