Thursday 4 July 2013

How to disable TCB on running AIX Server

Many AIX admins believe that the Trusted Computing Base (TCB), once enabled, can't be disabled on a running system, and that you need to reinstall the OS to deactivate it. What a joke! Everything is becoming dynamic and we are still standing on the same level.

Let's step forward:

Myth: TCB can't be disabled once it is enabled. Here is how to disable TCB on the fly.

If TCB is enabled in AIX, it can be disabled without rebooting or reinstalling the OS. Here is the process:

No application downtime is needed.

*Playing with ODM is dangerous, so keep your hands safe ;)))

1) Take an ODM backup

Back up /usr/lib/objrepos, /usr/share/lib/objrepos and /etc/objrepos recursively.

2) Check the TCB state in the ODM

# odmget -q attribute=TCB_STATE PdAt

PdAt:
        uniquetype = ""
        attribute = "TCB_STATE"
        deflt = "tcb_enabled"
        values = ""
        width = ""
        type = ""
        generic = ""
        rep = ""
        nls_index = 0
#

3) Disable TCB

odmget -q attribute=TCB_STATE PdAt | sed 's/tcb_enabled/tcb_disabled/' | odmchange -o PdAt -q attribute=TCB_STATE

4) Now TCB is disabled

# odmget -q attribute=TCB_STATE PdAt
PdAt:
        uniquetype = ""
        attribute = "TCB_STATE"
        deflt = "tcb_disabled"
        values = ""
        width = ""
        type = ""
        generic = ""
        rep = ""
        nls_index = 0
#

5) If you want to enable TCB again

odmget -q attribute=TCB_STATE PdAt | sed 's/tcb_disabled/tcb_enabled/' | odmchange -o PdAt -q attribute=TCB_STATE
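The steps above as one guarded script, added here as an example and not part of the original post: it backs up the ODM, rewrites only the deflt line of the stanza, and confirms the result with odmget. The function names and the /tmp backup path are assumptions, and the sample stanza is constructed so the parsing can run offline.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the backup
# path are assumptions; the odmget/odmchange usage follows the post.

# Constructed sample of `odmget -q attribute=TCB_STATE PdAt` output.
SAMPLE_STANZA='PdAt:
        uniquetype = ""
        attribute = "TCB_STATE"
        deflt = "tcb_enabled"
        values = ""
        nls_index = 0'

# Print the deflt value of a TCB_STATE stanza read from stdin; fail if absent.
tcb_state_from_stanza() {
    awk -F'"' '
        /^[ \t]*attribute[ \t]*=/ { attr = $2 }
        /^[ \t]*deflt[ \t]*=/     { deflt = $2 }
        END { if (attr != "TCB_STATE" || deflt == "") exit 1; print deflt }'
}

# Rewrite only the deflt line; the sed in the post matches the string on any line.
set_stanza_state() {    # $1 = tcb_enabled | tcb_disabled
    case "$1" in tcb_enabled|tcb_disabled) ;; *) return 2 ;; esac
    sed "s/^\([[:space:]]*deflt[[:space:]]*=[[:space:]]*\)\"tcb_[a-z]*\"/\1\"$1\"/"
}

# Step 1: archive the three ODM directories (default path is an assumption).
backup_odm() {
    tar -cf "${1:-/tmp/odm_backup.tar}" \
        /usr/lib/objrepos /usr/share/lib/objrepos /etc/objrepos
}

# Steps 2-4 on a live AIX host: back up, change, then confirm the new state.
change_tcb_state() {    # $1 = desired state
    command -v odmget >/dev/null 2>&1 || { echo "odmget not found" >&2; return 3; }
    backup_odm || return 4
    new=$(odmget -q attribute=TCB_STATE PdAt | set_stanza_state "$1") || return 5
    printf '%s\n' "$new" | odmchange -o PdAt -q attribute=TCB_STATE || return 6
    [ "$(odmget -q attribute=TCB_STATE PdAt | tcb_state_from_stanza)" = "$1" ]
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_STANZA" | tcb_state_from_stanza
```

On an AIX host, `change_tcb_state tcb_disabled` (or `tcb_enabled`) runs the whole sequence and returns non-zero if the ODM does not show the requested state afterwards.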
