AIX 5.3 natively supports the Pluggable Authentication Module (PAM) Framework; Post-installation AIX is configured to utilize Standard Authentication rather than PAM.
The following steps outline how to enable PAM on AIX 5.3:
usw: shells = ... maxlogins = 32767 logintimeout = 60 auth_type = PAM_AUTH
Only use the filename of the modules (both should have the same filenames), not a fully quantified path to the module for the module_path section of the Password Synchronizer PAM Module entry. When the PAM Framework loads your module it will either use the 32-bit or 64-bit version, depending on the Operating System mode. If the Operating System is in 32-bit mode then the path to the Password Synchronizer PAM module (pamlibtivoli.so) will be resolved to /usr/lib/security/pamlibtivoli.so. However if the Operating System is in 64-bit mode, the path to the module will be resolved to /usr/lib/security/64/pamlibtivoli.so. Specifying an absolute path to the Password Synchronizer PAM Module binds the PAM Framework to one specific mode only (32-bit or 64-bit).
chmod 555 /usr/lib/security/libpamtivoli.so chown root:system /usr/lib/security/libpamtivoli.so chmod 555 /usr/lib/security/64/libpamtivoli.so chown root:system /usr/lib/security/64/libpamtivoli.so
login password required /usr/lib/security/pam_aix passwd password required libpamtivoli.so use_first_pass /opt/IBM/TDI/V7.1/pam/pwsync.props rlogin password required /usr/lib/security/pam_aix su password required /usr/lib/security/pam_aix telnet password required /usr/lib/security/pam_aix OTHER password required /usr/lib/security/pam_prohibit
useradd testuser passwd testuser telnet localhost