Overview of PAM #
Overview of Pluggable Authentication Modules
Enable Debugging for PAM#
Although this is a generalized for Solaris, it would be similar on other Unix platforms.
To turn debugging on for Pam, do the following:
- First make a copy of the etc/pam.conf as /etc/pam.debug.conf.
- Make a second copy as /etc/pam.nodebug.conf. This allows for a backup and a non-debug pam.conf
- Edit the /etc/pam.debug.conf file by finding the lines you added into the file and adding the word 'debug' to the end of the line. Make sure there is a space before the word debug. The word debug should also be lowercase. Adding the word debug causes the PAM module to write debugging records to syslog. (See Debug Example for etc/pam.conf below)
- The syslog should now record entries from the /etc/pam.conf file. Normally this file is in the /var/adm/messages directory. Typically the /var/adm/messages is normally set up for log rotate so the file will be called syslog with an extension of a number.
- The etc/syslog.conf file can be edited to set the level of debugging.
Debug Example for etc/pam.conf#
For the PAM Module Name
you require debugging information from add the "debug" PAM module-arguments
to the end of the line.
sshd auth sufficient /usr/lib/security/pam_ascauth.so stats debug
Make sure "debug" priority messages are logged somewhere from /etc/syslog.conf
There might be more information for this subject on one of the following: