Go to main content

Managing Authentication in Oracle® Solaris 11.4

Exit Print View

Updated: November 2020

How to Troubleshoot PAM Configuration Errors

Before You Begin

You must assume the root role. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.

  1. For each PAM entry that you are troubleshooting, add the debug option.

    For example, the following entries in the /etc/pam.d/cron file create debug output for the service.

    account definitive      pam_user_policy.so.1     debug
    account required        pam_unix_account.so.1    debug
  2. Log PAM errors at the appropriate level and refresh the rsyslog daemon.

    For details, see How to Log PAM Error Reports.

  3. If the problem is a corrupt PAM configuration, do the following:
    1. Run the application from one terminal window and modify the PAM configuration file in another window.
    2. Verify that the errors are corrected by testing the changes in the application window.
  4. If the problem is a corrupt PAM configuration that prevents login, boot into single-user mode, then correct the file, reboot, and test.
    • To boot a SPARC system, type the following command at the PROM prompt:
      ok > boot -s
    • To boot an x86 system, add the –s option to the kernel options line in the GRUB menu.

    For more information, see the boot(8) and grub(7) man pages.

  5. Verify that the errors are corrected.

    Log in directly by using login or ssh. Test that regular users, privileged users, and roles can use the affected commands.