Troubleshooting AIX PAM password redirection

Document ID:3679633
Creation Date:10-Sep-2007
Modified Date:26-Apr-2012
- Micro Focus Products:
  Identity Manager

Environment

Novell Identity Manager 3.0

Novell Identity Manager 3.5

Novell Identity Manager - Password Synchronization

Novell Identity Manager Driver - Linux and UNIX - Fan Out

Novell Identity Manager Driver - Linux and UNIX - Bi-directional (formally NIS)

Situation

The AIX user password can't sync back to eDirectory. Installed the PAM module for AIX 5.3 64bit, but I use passwd command to change password and the remote loader does not feedback anything and the dstrace.log contains nothing onthe change password.

Resolution

Here is some information about the install to help troubleshoot the issue.

When you go through the install by hand and if you choose to install PAM, it should say:

==================

Would you like to configure the PAM module to publish password modifications? (Y/N) [Y] y

Configuring PAM...

Using PAM configuration file: [/etc/pam.conf]

Inserting line [other password required pam_nxdrv.so.1 mechanism=api]

original PAM file backed up to /etc/pam.conf.nxdrv.051807161225

===================

Note that it indicates which file(s) were modified, where the original was backed up to before modification, and the exact line that was inserted into the pam.conf.

Also, if you enter the following command:

touch /etc/pam_debug

The PAM framework will syslog a lot of pam activity that may also help troubleshoot the problem. This is a standard file that's used by PAM on all operating systems, including AIX.

One more piece of useful information:

PAM is fairly new to AIX. In AIX 5.3, you need to modify /etc/security/methods.cfg and add a line to your 'usw' stanza to enable PAM on your system:

auth_type = PAM_AUTH