3004-503 Cannot set process credentials
# pam.conf sshd auth required /usr/lib/security/pam_aix use_new_state use_first_pass sshd account required /usr/lib/security/pam_aix sshd password required /usr/lib/security/pam_aix sshd session required /usr/lib/security/pam_aix
# /etc/ssh/sshd_config uncomment the UsePAM line and change UsePAM = no to UsePAM = yes.
# chsec -f /etc/nscontrol.conf -s authorizations -a secorder=files,LDAP
# lsattr -El sys0 shows system variables in the ODM database.
# chdev -l sys0 -a max_logname=30did it work?*
# getconf LOGIN_NAME_MAX 30yeah.
# nfso -p -o nfs_use_reserved_ports=1* Why?
because sometimes you have users with groups and names longer than 8 characters.
if so, if their primary GID is one of those groups, or if their uids are longer than 8 characters, no logon.
first hint... tried to su as a user, only first 8 characters shown.
did an lsgroup and the group did not exist.
did an lsgroup ALL and saw that the LDAP group had no content.