Loadable Password Algorithm

AIX® 6.1 and later implemented a Loadable Password Algorithm (LPA) mechanism that can easily deploy new password encryption algorithms.

Each supported password encryption algorithm is implemented as a LPA load module that is loaded at runtime when the algorithm is needed. The supported LPAs and their attributes are defined in the /etc/security/pwdalg.cfg system configuration file.

An administrator can set up a system-wide password encryption mechanism that uses a specific LPA to encrypt the passwords. After the system-wide password mechanism is changed, passwords that are encrypted by the previous selected password encryption mechanisms (such as the crypt function) are still supported.