PAM Kerberos Release Note, HP 9000 Networking

Chapter 1 23

PAM Kerberos Release Note

Debugging Procedures

The PAM Kerberos module returns debug and error messages that are logged using syslog

utility. Use the appropriate syslog log levels to gather more information about error scenarios.

Debug logs are enabled with "debug" option in the /etc/pam.conf ﬁle for Kerberos PAM

module.

The following table provides various error codes with the suggested corrective actions:

PAM Error code Meaning Reason/More information

PAM_AUTHTOK_ERR Authentication token

manipulation error.

Check password entered.

PAM_USER_UNKNOWN User unknown to Kerberos

service.

Ensure user is present in

Kerberos KDC.

PAM_TRY_AGAIN Preliminary check by

password service failed.

Try again.

PAM_PERM_DENIED No permission. Check the permissions/ACLs.

PAM_BUF_ERR Memory buffer error. Ensure sufficient system

memory is available for all

processes.

PAM_SYSTEM_ERR System error. Generic System Error. See

syslog outputs for specific

information.

PAM_AUTHTOK_RECOV

ERY_ERR

Authentication information

cannot be recovered.

Old password is not correct.

PAM_ACCT_EXPIRED User account has expired Ensure if the user's account is

valid.

PAM_AUTH_ERR Authentication failure User's password may be

wrong OR the host machine

identity is not present OR the

credential cache may not be

writeable.