Editing the /etc/pam.d files on Red Hat Enterprise Linux Server

This section describes how to edit the powerscui file in the /etc/pam.d directory to use the IBM® PowerSC MFA PAM module. Instead of manually editing the PAM configuration files, you can also use the authconfig tool to configure PAM, as described in the Red Hat Enterprise Linux® Server documentation.

To use the IBM PowerSC MFA PAM module, complete the following steps:
Important: A typo in /etc/pam.d/powerscui can result in an "Unknown authentication error," which can be difficult to troubleshoot.
  1. Create (touch) the file /etc/pam.d/powerscui.
  2. Edit /etc/pam.d/powerscui and add the following entry:
    #%PAM-1.0
    auth       sufficient   pam_pmfa.so /etc/security/pmfa/pam_pmfa.conf
    auth       required     pam_sepermit.so
    auth       substack     password-auth
    auth       include      postlogin
    account    required     pam_nologin.so
    account    include      system-auth
    
  3. Save the changes.
  4. A user who attempts to log in to the PowerSC GUI server must be provisioned for IBM PowerSC MFA, as described in IBM PowerSC MFA Installation and Configuration.
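
A check for the file created in step 2, added here as an example (it is not part of the IBM documentation). The pam_lint helper is hypothetical, and its default module directory /lib64/security is an assumption for 64-bit Red Hat Enterprise Linux. It reports an unknown type or control keyword, a module that is not installed, or a missing include target by line number, so that a typo is caught before it surfaces as an "Unknown authentication error."

```shell
#!/bin/sh
# pam_lint FILE [MODULE_DIR] [PAM_DIR]  (hypothetical helper, not an IBM or Red Hat tool)
# Prints one line per problem and returns non-zero if any problem was found.
# Assumed defaults: modules in /lib64/security, service files in /etc/pam.d.
pam_lint() {
    file=$1 moddir=${2:-/lib64/security} pamdir=${3:-/etc/pam.d}
    errors=0 lineno=0
    [ -r "$file" ] || { echo "$file: cannot read file"; return 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        set -f; set -- $line; set +f        # split into fields without globbing
        [ $# -eq 0 ] && continue            # blank line
        case $1 in '#'*) continue ;; esac   # comment, including #%PAM-1.0
        kind=${1#-} control=${2:-} target=${3:-}
        [ $# -ge 3 ] && shift 3 || shift $#
        case $kind in
            auth|account|password|session) ;;
            *) echo "$file:$lineno: unknown type '$kind'"; errors=$((errors + 1)) ;;
        esac
        case $control in
            required|requisite|sufficient|optional)
                # Module line: a bare module name is resolved in MODULE_DIR.
                case $target in /*) path=$target ;; *) path=$moddir/$target ;; esac
                [ -f "$path" ] || { echo "$file:$lineno: module not found: $path"; errors=$((errors + 1)); }
                # Module arguments that are absolute paths (the pam_pmfa.conf
                # argument here) are checked for existence too.
                for arg in "$@"; do
                    case $arg in /*) [ -e "$arg" ] || { echo "$file:$lineno: missing $arg"; errors=$((errors + 1)); } ;; esac
                done ;;
            include|substack)
                # The target names another service file in PAM_DIR.
                [ -f "$pamdir/$target" ] || { echo "$file:$lineno: missing $pamdir/$target"; errors=$((errors + 1)); } ;;
            '['*) ;;  # bracketed control such as [success=1 default=ignore]: not checked
            *) echo "$file:$lineno: unknown control '$control'"; errors=$((errors + 1)) ;;
        esac
    done < "$file"
    [ "$errors" -eq 0 ]
}
```

After step 3, source the function and run pam_lint /etc/pam.d/powerscui; no output and a zero exit status mean every line parsed and every referenced file was found.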