Usage Note 45817: Host-based authentication fails in AIX 6.1 with message "PAM is not configured correctly for sasauth."
 |  |  |  |
The UNIX host-based authentication server, sasauth, fails in AIX 6.1 with the following messages in the sasauth.debug.log file:
20120222-13:08:00 PAM did not request password. 20120222-13:08:00 Authentication failed 20120222-13:08:00 User pwhite did not authenticate. Reason: 'PAM is not configured correctly for sasauth.' (pam) 20120222-13:08:00 Request failed: 'PAM is not configured correctly for sasauth.'
The AIX system logs display the following messages:
Feb 22 13:08:00 aixth85 auth|security:err|error
/sas/install/SASFoundation/9.2/utilities/bin/sasauth PAM: load_modules:
can not open module /usr/lib/security/64/64/pam_aix
The problem is caused by the way that the entries for sasauth are defined in the /etc/pam.conf file.
By default, if the module-type is defined with an absolute path,
then that path is used.
In AIX 6.1, the AIX PAM framework adds the extraneous 64 directory to the path:
sasauth auth required /usr/lib/security/64/pam_aix sasauth account required /usr/lib/security/64/pam_aix
The additional directory level results in a failure to load the PAM object.
To solve the problem, modify the sasauth entry in the /etc/pam.conf file as shown below:
sasauth auth required pam_aix sasauth account required pam_aix
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | Base SAS | 64-bit Enabled AIX | 9.21_M3 | 9.2 TS2M3 | ||
To solve this problem, correct the /etc/pam.conf file.
| Type: | Usage Note |
| Priority: | |
| Topic: | System Administration ==> Security ==> Authentication |
| Date Modified: | 2012-02-29 12:10:06 |
| Date Created: | 2012-02-27 13:58:45 |