To debug pam issues,
IBM has some additional
PAM framework debug options:
touch /etc/pam_debug
Make sure "debug" priority messages are logged somewhere from /etc/syslog.conf
NOTE: We have seen versions of
openSSH on
AIX that were older than 4.x and they woudl not work with PAM. We had to perform an upgrade to the latest version (4.7) adn this required an upgrade of openSSL on the ZIX box as well.
There might be more information for this subject on one of the following: