Configuration Guide for Kerberos Client Products on HP-UX 11.0 | HP-UX 11i v1 | HP-UX 11i v1.6 | HP-UX 11i v2

Troubleshooting Kerberos Related Products
Troubleshooting the PAM Kerberos
The PAM Kerberos module returns debug and error messages that are
logged using the syslog utility. Use the appropriate syslog log levels to
gather more information about error scenarios.
Debug logging is enabled using the debug option in the /etc/pam.conf
file for the Kerberos PAM module, as shown in the example below:

Table 4-1
    login auth sufficient /usr/lib/security/libpam_krb5.1 debug

When using the debug option, make sure you designate a log file for
debugging by modifying the /etc/syslog.conf file. For example:

Table 4-2
    *.debug<tab>/var/adm/syslog/pam.log

You can instruct the syslog daemon, /etc/syslogd, to re-read its
configuration file by sending it a HANGUP signal as follows:

    kill -HUP `cat /var/run/syslog.pid`

The above example is from the syslogd manpage. The syslog also
contains all the authentication messages for ARPA services such as ftp
and telnet.

Also, the syslog contains the PAM error codes from the include file
/usr/include/security/pam_appl.h. The following table provides a
list of error codes with the suggested corrective actions:
Table 4-3 Error Codes and Corrective Actions

Error No.  PAM Error Code   Meaning       Corrective Actions
1          PAM_SYSTEM_ERR   System error  Generic System Error. See syslog outputs for specific information.
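
The debug-logging setup described in this section can be checked before relying on the log, as in the following added example (not part of the HP guide). It audits copies of pam.conf and syslog.conf; the function names and sample file contents are constructed, and it assumes the selector and log file must be tab-separated, as the <tab> in the guide's example indicates.

```shell
#!/bin/sh
# Added example (not from the HP guide): audit pam.conf / syslog.conf copies
# for the debug-logging setup described above. Sample files are constructed.

# Print "service module_type" for each libpam_krb5 entry lacking "debug".
# pam.conf fields: service module_type control_flag module_path [options]
krb5_entries_missing_debug() {
    awk '
        /^[ \t]*#/ || NF < 4 { next }
        $4 ~ /libpam_krb5/ {
            found = 0
            for (i = 5; i <= NF; i++) if ($i == "debug") found = 1
            if (!found) print $1, $2
        }' "$1"
}

# Exit 0 if an active line routes a *.debug-style selector to a file and
# the two fields are separated by TAB(s). Assumption: a space-separated
# entry counts as misconfigured, following the <tab> in the guide's example.
syslog_has_debug_file() {
    awk -F'\t+' '
        /^[ \t]*#/ { next }
        NF >= 2 && $1 ~ /\.debug$/ && $2 ~ /^\// { ok = 1 }
        END { exit(ok ? 0 : 1) }' "$1"
}

# --- constructed sample input ---
work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
cat > "$work/pam.conf" <<'EOF'
# constructed sample
login   auth sufficient /usr/lib/security/libpam_krb5.1 debug
ftp     auth sufficient /usr/lib/security/libpam_krb5.1
telnet  auth required   /usr/lib/security/libpam_unix.1
EOF
printf '*.debug\t/var/adm/syslog/pam.log\n' > "$work/syslog_ok.conf"
printf '*.debug /var/adm/syslog/pam.log\n'  > "$work/syslog_bad.conf"

echo "krb5 entries without debug:"; krb5_entries_missing_debug "$work/pam.conf"
for f in syslog_ok.conf syslog_bad.conf; do
    if syslog_has_debug_file "$work/$f"; then echo "$f: debug log file set"
    else echo "$f: no tab-separated debug destination"; fi
done
```

Point the two functions at copies of /etc/pam.conf and /etc/syslog.conf to see which Kerberos PAM entries will not emit debug messages and whether a debug destination is configured.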