Accounts created by security components

When security components such as LDAP and OpenSSH are installed or configured, user and group accounts are created.

Security components such as LDAP and OpenSSH create the following user and group accounts:
  • Internet Protocol (IP) Security
    • IP Security adds the user ipsec and the group ipsec during its installation. These IDs are used by the key management service.
    Note: The group ID in /usr/lpp/group.id.keymgt cannot be customized before the installation.
  • Kerberos and Public Key Infrastructure (PKI)
    • These components do not create any new user or group accounts.
  • LDAP
    • When the LDAP client or server is installed, the idsldap user account is created. The user ID of idsldap is not fixed and cannot be changed to a different user. This user ID owns the files that are provided by idsldap filesets and packages. You must install the Db2 database before installing the LDAP Server. During the configuration of the LDAP server, the mksecldap command creates the ldapdb2 user account and uses it as the LDAP and Db2 instance owner.
  • OpenSSH
    • During the installation of OpenSSH, the user sshd and group sshd are added to the system. You must not change the corresponding user and group IDs. The privilege separation feature in SSH requires these IDs.
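
Because some of these IDs must stay as installed, an account review can record them once and compare later. The script below is an added example, not IBM-supplied code: the account names come from the list above, while the baseline workflow, the use of mktemp, and the sample UIDs and GIDs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: track the component-created accounts named on this page.
# Account names come from the page; the baseline workflow is an assumption.
COMPONENT_USERS="ipsec idsldap ldapdb2 sshd"
COMPONENT_GROUPS="ipsec sshd"

# snapshot PASSWD_FILE GROUP_FILE
# Prints user:NAME:UID:GID and group:NAME:GID, or ...:absent if not defined.
snapshot() {
    for u in $COMPONENT_USERS; do
        awk -F: -v n="$u" '$1 == n { print "user:" n ":" $3 ":" $4; f = 1 }
            END { if (!f) print "user:" n ":absent" }' "$1"
    done
    for g in $COMPONENT_GROUPS; do
        awk -F: -v n="$g" '$1 == n { print "group:" n ":" $3; f = 1 }
            END { if (!f) print "group:" n ":absent" }' "$2"
    done
}

# drift BASELINE_SNAPSHOT CURRENT_SNAPSHOT
# Prints every entry whose IDs or presence changed; returns 1 if any did.
drift() {
    awk -F: 'NR == FNR { base[$1 ":" $2] = $0; next }
        { k = $1 ":" $2
          if ((k in base) && base[k] != $0) { print "CHANGED " base[k] " -> " $0; rc = 1 } }
        END { exit rc + 0 }' "$1" "$2"
}

# Constructed sample data (not from a real system): state right after
# installation, then a later state in which the sshd UID was altered.
tmp=$(mktemp -d)
printf '%s\n' 'root:!:0:0::/:/usr/bin/ksh' 'ipsec:!:201:201::/etc/ipsec:/usr/bin/ksh' \
    'sshd:!:202:203::/var/empty:/usr/bin/ksh' > "$tmp/passwd"
printf '%s\n' 'system:!:0:root' 'ipsec:!:201:ipsec' 'sshd:!:203:sshd' > "$tmp/group"
snapshot "$tmp/passwd" "$tmp/group" > "$tmp/baseline"
sed 's/^sshd:!:202:/sshd:!:250:/' "$tmp/passwd" > "$tmp/passwd.now"
snapshot "$tmp/passwd.now" "$tmp/group" > "$tmp/current"
drift "$tmp/baseline" "$tmp/current" || echo "component account IDs drifted"
```

On a live system, pass /etc/passwd and /etc/group to snapshot and keep the baseline file somewhere the reviewed accounts cannot write to.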