In an AIX/UNIX system, security is based on rights to access files and commands. Some of these files and commands are more protected than others, especially if they are very sensitive because they can corrupt the system, resulting in a loss of data for the users and applications.
Accordingly, any user has two forms of identification: a user name and a user ID. This enables a user to access some files and commands and to have limited rights such as “read”, “write” or “execute” applied to a file or a command, associated with the user ID. In addition to the user name and the user ID, each user has a password which is required to enter a file or a command to which he may access.
In an AIX/UNIX system, there is a super user, also named the “root”, who is the system administrator. He is associated with the user ID=0, which provides him with all system administrator functions. As any other user, the system administrator has a password which is disclosed with considerable care by providing “roles” which are authorizations that allow a user to execute functions normally executed by the “root” user.
It is said that the security of the system is no better than the weakest password, because once person has access to a user's account, it is possible for this person to exploit weaknesses in the system configuration and gain access to the root's account or mount a denial of service attack from the system.
There is a normal UNIX command to change a password. This command may be used by any user to change its own password or by the system administrator (“root”) to change any user's password. It is usually convenient for the system administrator to set an initial password for a new user in order to activate the new user's account. In such a case, the system administrator has to set up a connection (Telnet) to the station where is the user, and then he is prompted to enter a new password only known by himself.
Periodically, or when the system has been hacked, the security requires password changes for all the stations of the system. As mentionned above, changing a password implies a network connection for each password. During this connection, the system administrator must log as root user, enter the password command and then enter the new password twice for checking. The problem is that changing the passwords is a vast undertaking for the system administrator when there are several hundred AIX/UNIX users.