entry removed when user update pam configuration via OS tool, authconfig, pam-config


Article ID: 16879


Updated On:


CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)

Issue/Introduction entry is removed when customer change pam entry via OS tool. 

SUSE: pam-config, RHEL: authconfig 


Please let me know how to recover entry.



OS: LinuxProduct: CA Privileged Identity Manager Endpoint


These tools are updating PAM configuration files as default setting.

So, the entry which is update by manual is removed.

It works as design on tools. 


Please add manually along with original PAM setting after installation.

Additional Information

Just after install PIM on Redhat Enterprise Linux 7.2 as sample:

----- password-auth


# This file is auto-generated.

# User changes will be destroyed the next time authconfig is run.

auth required

auth sufficient nullok try_first_pass

auth       optional

auth requisite uid >= 1000 quiet_success

auth required


account    optional

account required

account sufficient

account sufficient uid < 1000 quiet

account required


password  sufficient

password requisite try_first_pass local_users_only retry=3 authtok_type=

password sufficient sha512 shadow nullok try_first_pass use_authtok

password required


session    optional

session optional revoke

session required

-session optional

session [success=1 default=ignore] service in crond quiet use_uid

session required