Enabling PAM debug

The Pluggable Authentication Modules (PAM) library can provide debug information during execution. After enabling the system to collect debug output, the information gathered can be used to track PAM API calls and determine failure points in the current PAM setup.

To enable PAM debug output, complete the following steps:
  1. Create an empty file named pam_debug in the /etc directory by using the touch /etc/pam_debug command, if the file does not exist. The PAM library checks for the /etc/pam_debug file and enables syslog output if it is found.
  2. Edit the /etc/syslog.conf file to identify a file where it will log the auth syslog messages at the priority level you want. For example, to send PAM debug-level messages to the /var/log/auth.log file, add the following text as a new line in the syslog.conf file:
    *.debug /var/log/auth.log
  3. Create the output file that was referred to in step 2, /var/log/auth.log, by using the touch command, if it does not exist.
  4. To restart the syslogd daemon so that configuration changes are recognized, complete the following steps:
    1. Stop the syslog daemon by entering the following command:
      stopsrc -s syslogd
    2. Start the syslog daemon by entering the following command:
      startsrc -s syslogd

When the PAM application is restarted, debug messages are collected in the output file that is defined in the /etc/syslog.conf configuration file.
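
The following function is an added example, not part of the original procedure: it carries out steps 1 through 4 so that repeated runs do not duplicate the syslog.conf entry. The optional root-prefix argument and the 0600 mode on a newly created log file are assumptions made for this example.

```shell
#!/bin/sh
# Added example: steps 1-4 as one idempotent function.
# The optional argument is a hypothetical root prefix for dry runs against a
# scratch directory; call with no argument, as root, on a live system.
enable_pam_debug() {
    root="${1:-}"
    flag="$root/etc/pam_debug"
    conf="$root/etc/syslog.conf"
    log="$root/var/log/auth.log"
    sel='*.debug'               # matches every facility at debug and above,
    dst='/var/log/auth.log'     # so the file also receives non-PAM messages

    # Step 1: flag file the PAM library checks for.
    [ -e "$flag" ] || touch "$flag" || return 1

    # Step 2: append the rule unless an active (uncommented) line already
    # carries it; fields are compared so tab or space separators both match.
    [ -f "$conf" ] || touch "$conf" || return 1
    if ! awk -v s="$sel" -v d="$dst" \
        '$1 == s && $2 == d { found = 1 } END { exit !found }' "$conf"; then
        # Guard against a last line that lacks its trailing newline.
        if [ -s "$conf" ] && [ -n "$(tail -c 1 "$conf")" ]; then
            echo >> "$conf" || return 1
        fi
        printf '%s %s\n' "$sel" "$dst" >> "$conf" || return 1
    fi

    # Step 3: create the output file if missing. Mode 0600 is an added
    # assumption: debug output describes authentication activity.
    if [ ! -e "$log" ]; then
        ( umask 077 && touch "$log" ) || return 1
    fi

    # Step 4: restart syslogd through the SRC, on a live AIX system only.
    if [ -z "$root" ] && command -v stopsrc >/dev/null 2>&1; then
        stopsrc -s syslogd && startsrc -s syslogd || return 1
    fi
    return 0
}
```

An existing /var/log/auth.log is left with its current permissions; only a file created by the function gets the restrictive mode.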