Manualshelf

Configuration Guide for Kerberos Client Products on HP-UX

ManualsBrandsHP ManualsSoftwareHP-UX Kerberos Data Security Software
919293949596979899100
Troubleshooting Kerberos Related Products
Troubleshooting PAM Kerberos
Chapter 4 91
Troubleshooting PAM Kerberos
The PAM Kerberos module returns debug and error messages that are
logged using the syslog utility. Use the appropriate syslog log levels to
gather more information about error scenarios.
Debug logging is enabled using the debug option in the /etc/pam.conf
file for Kerberos PAM module, as shown in following example:
login auth sufficient /usr/lib/security/libpam_krb5.1 debug
When using the debug option, make sure you designate a log file for
debugging by modifying the /etc/syslog.conf file. For example:
*.debug<tab>/var/adm/syslog/pam.log
You can instruct the syslog daemon, /etc/syslogd, to re-read its
configuration file by sending it a HANGUP signal as follows:
kill -HUP ‘cat /var/run/syslog.pid
The syslog also contains all the authentication messages for ARPA
services such as ftp and telnet. For more information, see the
syslogd(1M) manpage.
In addition, the syslog contains PAM error codes from the
/usr/include/security/pam_appl.h include file. Table 4-1 provides a
list of error codes with the suggested corrective actions.
Table 4-1 Error Codes and Corrective Actions
Error
No.
PAM Error Code Meaning
Reason/ Corrective
Actions
1 PAM_SYSTEM_ERR System error Generic System Error. See
syslog outputs for specific
information.
2 PAM_BUF_ERR Memory buffer
error
Ensure that sufficient
system memory is
available for all processes.
3 PAM_PERM_DENIED No permission Check the
permissions/ACLs.