What steps are required to configure stock OpenSSH to use PAM on AIX?
Before enabling ssh to use PAM authentication, it is recommended that you leave an additional login window open with root access until you verify that ssh with PAM authentication is working properly. If PAM is not configured correctly, you will not be able to log into the machine to correct the configuration problem until you boot the machine into maintenance mode and change /etc/security/login.cfg back to its original state.
1) Edit the /etc/pam.conf file
# vi /etc/pam.conf
Add the following sshd lines:
sshd auth required /usr/lib/security/pam_aix
# Account Management
sshd account required /usr/lib/security/pam_aix
# Password Management
sshd password required /usr/lib/security/pam_aix
# Session Management
sshd session required /usr/lib/security/pam_aix
2) Edit /etc/ssh/sshd_config
# vi /etc/ssh/sshd_config
Uncomment the UsePAM line and change UsePAM no to UsePAM yes.
3) Edit /etc/security/login.cfg
# vi /etc/security/login.cfg
Change this line from:
auth_type = STD_AUTH
to:
auth_type = PAM_AUTH
Stop and restart sshd.
# stopsrc -s sshd
# startsrc -s sshd
Note: The above steps are not required if the customer uses Centrify-enabled OpenSSH, which is compiled and configured for PAM and Kerberos.
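
A pre-flight check for the procedure above, as an added example that is not part of the original article: it confirms that the edits from steps 1 to 3 are all in place before sshd is restarted, since a half-applied change is what leads to the lockout described at the top. The function name check_pam_ssh is hypothetical, and the login.cfg check looks for the auth_type line without checking which stanza it sits in.

```shell
#!/bin/sh
# Added example, not from the original article. check_pam_ssh is a
# hypothetical helper; its default paths are the three files edited above.
# Returns the number of problems found (0 = all three steps are in place).
check_pam_ssh() {
    pam_conf=${1:-/etc/pam.conf}
    sshd_conf=${2:-/etc/ssh/sshd_config}
    login_cfg=${3:-/etc/security/login.cfg}
    problems=0

    # Step 1: an uncommented sshd entry for each PAM module type.
    for mtype in auth account password session; do
        if ! awk -v t="$mtype" '
                $1 == "sshd" && $2 == t && $4 ~ /pam_aix$/ { found = 1 }
                END { exit !found }' "$pam_conf"; then
            echo "pam.conf: no sshd $mtype entry using pam_aix"
            problems=$((problems + 1))
        fi
    done

    # Step 2: the first uncommented UsePAM line must say yes.
    use_pam=$(awk '{ gsub(/=/, " ") }
        tolower($1) == "usepam" { print tolower($2); exit }' "$sshd_conf")
    if [ "$use_pam" != yes ]; then
        echo "sshd_config: UsePAM is '${use_pam:-unset}', expected yes"
        problems=$((problems + 1))
    fi

    # Step 3: auth_type must be PAM_AUTH (lines starting with * are comments).
    auth_type=$(awk '{ gsub(/=/, " ") }
        $1 == "auth_type" { print $2; exit }' "$login_cfg")
    if [ "$auth_type" != PAM_AUTH ]; then
        echo "login.cfg: auth_type is '${auth_type:-unset}', expected PAM_AUTH"
        problems=$((problems + 1))
    fi

    return "$problems"
}
```

Source the file and run check_pam_ssh from the root session you kept open; a non-zero return status is the number of checks that failed.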