STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 1 hour ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to IBM AIX 7.x Security Technical Implementation Guide

V-215383

CAT II (Medium)

The klogin daemon must be disabled on AIX.

Rule ID

SV-215383r958478_rule

STIG

IBM AIX 7.x Security Technical Implementation Guide

Version

V3R2

CCIs

CCI-000381

Discussion

The klogin service offers a higher degree of security than traditional rlogin or telnet by eliminating most clear-text password exchanges on the network. However, it is still not as secure as SSH, which encrypts all traffic. If using klogin to log in to a system, the password is not sent in clear text; however, if using "su" to another user, that password exchange is open to detection from network-sniffing programs. The recommendation is to use SSH wherever possible instead of klogin. If the klogin service is used, use the latest Kerberos version available and make sure that all the latest patches are installed.

Check Content

From the command prompt, execute the following command: 
# grep "^klogin[[:blank:]]" /etc/inetd.conf

If there is any output from the command, this is a finding.

Fix Text

In "/etc/inetd.conf", comment out the "klogin" entry by running command:  
# chsubserver -r inetd -C /etc/inetd.conf -d -v 'klogin' -p 'tcp'

Restart inetd:
# refresh -s inetd