IBM Support

How to use the truss command to capture authentication steps for a user

Question & Answer


Question

How can I capture truss data for a user authentication issue?

Answer

 Sometimes it is difficult to determine why an authentication is failing.  When third-party modules are loaded, or permissions on directories are incorrect, the truss command is often useful for analysis.
This example demonstrates how to use truss to trace the calls when userA attempts 'su - userB'.
The truss is run for userA's login shell.
-----------------------------------------------------------------------
1) Start "Terminal Session A" (Log in as userA)
-----------------------------------------------------------------------
Get current shell.
$ echo $$
   --> 7143448  (Example)
To confirm this is the parent ksh process for the truss, use the following command:
$ tty
  --> /dev/pts/3
$ ps -ef | grep "pts/3" | grep "$$" | grep ksh | grep -v grep
  -->> userA 7143448 4063484   0 17:54:23  pts/3  0:00 -ksh
-----------------------------------------------------------------------
2) Start "Terminal Session B" (Log in as root)
-----------------------------------------------------------------------
Start a truss of the userA login shell
#   truss -t\!lseek,\!_sigaction,\!kioctl -r all -w all -feado   /tmp/TSnnnnnnnnn.truss.out -p  <PID from #1>
Note: the "-rALL" and "-wALL " flags include the full content of the I/O buffer for each read or write. You can omit these flags if you do not need to see the full content.  The default output will show the first 12 bytes of each read or write.
-----------------------------------------------------------------------
3) Return to "Terminal Session A" (Still logged in as userA)
-----------------------------------------------------------------------
Attempt the su - userB
$ su - userB
3004-501 Cannot su to "userB" : Authentication is denied.
$ exit
$ .....Connection to <hostname> closed
-----------------------------------------------------------------------
4) Return to "Terminal Session B (Still logged in as root)
-----------------------------------------------------------------------
The truss exited when the userA ksh process ended.
Upload  /tmp/TSnnnnnnnnn.truss.out or attach to your case.
SUPPORT

If you require more assistance, use the following step-by-step instructions to contact IBM to open a case for software with an active and valid support contract.  

1. Document (or collect screen captures of) all symptoms, errors, and messages related to your issue.

2. Capture any logs or data relevant to the situation.

3. Contact IBM to open a case:

   -For electronic support, see the IBM Support Community:
     https://www.ibm.com/mysupport
   -If you require telephone support, see the web page:
      https://www.ibm.com/planetwide/

4. Provide a clear, concise description of the issue.

 - For guidance, see: Working with IBM AIX Support: Describing the problem.

5. If the system is accessible, collect a system snap, and upload all of the details and data for your case.

 - For guidance, see: Working with IBM AIX Support: Collecting snap data

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG10","label":"AIX"},"ARM Category":[{"code":"a8m0z000000cvzlAAA","label":"Security-\u003EAuthentication"}],"ARM Case Number":"TS004033223","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]

Document Information

Modified date:
28 February 2022

UID

ibm16258143

Page Feedback