How to Troubleshoot PAM Configuration Errors
Before You Begin
You must assume the root role. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.
For each PAM entry that you are troubleshooting, add the debug option.
For example, the following entries in the /etc/pam.d/cron file create debug output for the service.
account definitive pam_user_policy.so.1 debug
account required pam_unix_account.so.1 debug
Log PAM errors at the appropriate level and refresh
the rsyslog daemon.
For details, see How to Log PAM Error Reports.
If the problem is a corrupt PAM configuration, do the following:
Run the application from one terminal window and modify the PAM configuration file in another
Verify that the errors are corrected by testing the changes in the application window.
If the problem is a corrupt PAM configuration that prevents login, boot into single-user mode,
then correct the file, reboot, and test.
To boot a SPARC system, type the following command at the PROM
ok > boot -s
To boot an x86 system, add the –s option to the
kernel options line in the GRUB menu.
For more information, see the boot(8) and grub(7) man pages.
Verify that the errors are corrected.
Log in directly
by using login or ssh. Test that regular
users, privileged users, and roles can use the affected commands.