Managing Kerberos and Other Authentication Services in Oracle® Solaris 11.2

Exit Print View

Updated: August 2014

How to Log PAM Error Reports

Before You Begin

You must assume the root role. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2 .

  1. Determine which system-log service instance is online.
    # svcs system-log
    STATE          STIME    FMRI
    disabled       13:11:55 svc:/system/system-log:rsyslog
    online         13:13:27 svc:/system/system-log:default
  2. Configure the syslog.conf file for the level of logging that you need.

    See the DESCRIPTION section of the syslog.conf(4) man page for information about the logging levels. Most PAM error reporting is done through the LOG_AUTH facility.

    For example, create a file for debug output.

    # touch /var/adm/pam_debuglog

    Then, add the syslog.conf entry to send debug output to that file.

    Note -  If the rsyslog service instance is online, modify the rsyslog.conf file.
    # pfedit /etc/syslog.conf
    *.debug        /var/adm/pam_debuglog
  3. Refresh the configuration information for the system-log service.
    # svcadm refresh system-log:default

    Note -  Refresh the system-log:rsyslog service instance if the rsyslog service is online.