Troubleshooting
Use these methods to debug IBM Security Verify Gateway for Linux PAM and AIX® PAM (Pluggable Authentication Modules) authentication issues.
Examine the syslog for errors. On RHEL 7, use the journal command. For example, if the auth_method option was spelled incorrectly, choice_then_otp instead of choice-then-otp, the error might be
Aug 28 10:41:15 fedora26.home.com pam_ibm_auth[77017]: Error: auth_method=choice_then_otp: Not a valid auth method.- Enable syslog debugging from the pam_ibm_auth module
by adding the option debug to the PAM configuration file. For example,
Then examine the DEBUG syslog output.auth sufficient pam_ibm_auth.so auth_method=choice-then-otp debug
Common issues
- SELinux can prevent programs that use the PAM module from connecting to Verify or to
ibm_authd
. If you're facing connectivity issues, use thesealert
tool to investigate whether SELinux is denying access. - Ensure that your network firewall is configured to allow outgoing HTTPS connectivity to your Verify tenant.