Troubleshooting
Problem
PAM authentication failed when SD failed
Symptom
You can do EGO related authentication successfully (For example: egosh user logon) but SOAM related authentication failed (For example: soamview) with following error message:
Cannot retrieve application information : Security error: Authentication failed.
Incorrect user name or password, or the security plugin setting
(specified in the EGO_SEC_PLUGIN parameter in the ego.conf file on both
the client and server) are incompatible.
This issue only happens when SD is running on a master candidate host.
Cause
PAM authentication failed
Environment
Linux
Diagnosing The Problem
Because this is a PAM authentication failure, you can start from checking PAM authentication plugin's log. The log directory is defined by EGO_SEC_CONF in ego.conf. For example:
EGO_SEC_CONF=/opt/egoshare7.1.2/kernel/conf,0,WARN,/opt/ibm/platformsymphony/kernel/log
In the plugin log, you can see error message like following:
xxx xxx xx xx:xx:xx 2017 ERROR [7443] readParamsFromFile(): Error reading plugin configuration file /opt/ibm/platformsymphony/kernel/conf/seckey.conf
Above error message shows the PAM authentication plugin failed to read the key file which is defined in pamauth.conf
Then you can check pamauth.conf to see how the key file is configured. For example following configuration shows the key file is on local file system.
KEYFILE=/opt/ibm/platformsymphony/kernel/conf/seckey.conf
Based on the configuration, the problem could be when a daemon runs on a management host which doesn't have the key file in the defined directory which leads to authentication failure.
Resolving The Problem
You can either copy the key file to the defined directory on each of the management hosts, or copy the key file to your shared file system and then modify pamauth.conf to use such directory.
Was this topic helpful?
Document Information
Modified date:
17 June 2018
UID
isg3T1026164