In IT, There Are No Points for Humility

Rob McNelly on the importance of giving credit where due, a guide to NPIV setup and more

This years-old post from Scott Cochrane intrigued me:

“You’ll find yourself in a planning session with a group of leaders, when all of a sudden someone will use one of the well-worn leadership axioms, ‘Well, just think of what our team can accomplish if no one cares who gets the credit!’

“That quote is usually attributed to Harry Truman.

“Well, with respect to both Truman and this leader who quoted him, this sentiment is just wrong. It really does matter who gets the credit.

“The sentiment underlying the statement is noble enough. The idea is that we don’t want our cultures to be infected by grandstanding players, vying for individual attention. I get that.

“But the idea that you, as a leader, ought to be unaware as to who keeps coming up with your team’s best ideas is not in the best interest of your team, your culture or your leadership.

“It really does matter who gets the credit.

“You need to know the relative strengths of your team players. You need to know who it is that is consistently, and disproportionately, generating the initiatives that are creating the most ‘wins’ for your organization. And for that to happen it needs to be ‘okay’ in your culture for those top performers to be recognized.

“They need to get the credit.”

This sort of thing has come up in my experience. I have worked on teams where Admin1 comes up with a solution and Admin2 takes the credit for it and Admin1 doesn’t bother setting the record straight. After all, the problem was solved. And to be sure, the client suffering the issue may not know or care who provided the fix.

However, with this scenario, the team could be misled into thinking that Admin2 has more skills than they really do. That could cause issues in the long run when it comes time for recognition, promotions or other rewards.

I do believe an accurate recounting of events is important. It benefits the team as well as the individual.

Using Sendmail SASL Authentication Support

AIX 7.3 delivered SASL authentication capabilities to sendmail. Recently I was asked to configure an AIX system to use a sendmail relay that uses SASL. Since I was setting up AIX as a client, I skipped ahead to this section:

“These next instructions assume your client has a submit.cf file with a populated DS entry in it to specify your external mail relay, which allows it to communicate directly with the remote mail relay and is not dependent on the sendmail daemon—in this case, the sendmail daemon does not even need to be running on this system. This is a good way to do it so that you don’t unnecessarily have the sendmail daemon running and listening on port 25.”

More From IBM Support

1) “viosupgrade from latest 3.1.4.x to 4.1.2.x now migrates security configurations that involves migration of custom users. But post upgrade these users are not able to login”:

“Local fix:

pwdadm -c <username>

“Problem summary: non-root users have to reset password after upgrading to new vios level or after restoring backup which is unexpected.”

2) backupios may fail for certain tape devices:

backupios to tape may fail with
$ backupios -tape /dev/rmt0

The tape device doesn't exist: "/dev/rmt0".
Exiting backupios

“Local fix: Allow also multiplexed character devices as target device for -tape option of backupios.

“Problem conclusion: Multiplexed character devices will be recognized as valid tape devices for backupios.”

3) “Certain variables are not being reset appropriately within the alloc_crq function that leads to VIOS crash”:

“Local fix: Consecutive reboots eventually bypass the issue.

“Problem summary: VIOS may crash in i_clear during vfc_host configuration when resource allocation for the main CRQ fails.

“Problem conclusion: Implemented proper handling for resource allocation failures during main CRQ initialization”

4) A few vulnerabilities are covered here:

“Vulnerabilities in OpenSSL could send contents of an uninitialized memory buffer (CVE-2026-31790), cause a use-after-free (CVE-2026-28387), cause a NULL pointer dereference (CVE-2026-28388, CVE-2026-28389, CVE-2026-28390), or lead to a buffer overflow (CVE-2026-31789). OpenSSL is used by AIX as part of AIX’s secure network communications.”

5) Watch for this if you’re running the encrypted file system:

“Users are encountering an error when attempting to use the EFS (Encrypted File System) framework as a non-root user.

“The specific error message is: Problem initializing EFS framework. Please install latest version of clic.rte

“Modification of Security Boot Configuration: The following line was removed or commented out in the /etc/inittab file:

securityboot:2:bootwait:/etc/rc.security.boot>/dev/console 2>&1

“If the line is commented out but the system is not rebooted, the EFS framework works fine for non-root users.

“If the line is commented out and the system is rebooted, non-root users encounter the EFS initialization error for any EFS-related commands.

“Commands & Errors: After rebooting the system with the commented line, any of the following EFS commands produce the same error:

efskeymgr -o ksh
efskeymgr -v
efskeymgr -V

Error: Problem initializing EFS framework. Please install latest version of clic.rte

“Resolving The Problem

To resolve the EFS initialization issue for non-root users, follow these steps:

“Restore the Security Boot Configuration line:

Uncomment/Add the below line in the /etc/inittab file

securityboot:2:bootwait:/etc/rc.security.boot>/dev/console 2>&1

“Reboot the System:
After restoring the line, reboot the LPAR (Logical Partition) to ensure that the changes take effect.

Verify EFS Functionality:
After rebooting, test the EFS commands again as a non-root user:

efskeymgr -o ksh
efskeymgr -v
efskeymgr -V

“Ensure that no errors are returned and that the EFS framework initializes correctly.”

6) This is an issue with IBM Cloud VPC RFS:

“IBM Cloud VPC Regional File Storage (RFS) File share mounting fails onto AIX…

“When attempting to mount an IBM Cloud VPC Regional File Storage (RFS) file share on an AIX system using NFSv4, the operation fails with the error, ‘a route to the remote host is not available’ initially.

“After adjusting the NFS domain on the AIX client to match the VPC domain, the mount command fails again with ‘vmount: invalid argument’.

“The issue arises because the AIX NFS client only supports NFSv4.0, while the RFS file share is exported via NFSv4.1, which is not compatible.”

NPIV Deep Dive

This is quality reference material for those setting up a new system:

“This procedure covers the complete setup of NPIV (N_Port ID Virtualization) on new Power systems from initial vfchost creation through SAN readiness verification, before a client LPAR is activated. The procedure requires HMC for virtual adapter slot creation but does not require RMC at any step. Virtual FC adapter slots are created via HMC profile modification and a VIOS Shutdown/Activate cycle, eliminating any dependency on RMC connectivity throughout the entire procedure.

“RMC is the standard and recommended management framework for PowerVM environments. It enables live DLPAR operations, dynamic adapter management, and non-disruptive partition administration. This procedure is intended for exceptional cases where RMC connectivity is unavailable—such as new environment setup, network constraints, or initial SAN provisioning before OS installation. RMC should be established as soon as operationally possible after completing this procedure.”

---