CA XCOM for Linux using PAM receives message "XCOMU0287E Error setting remote user id: Verify login failed"


Article ID: 6460




XCOM Data Transport, XCOM Data Transport - Linux PC


Implemented LDAP PAM on our Linux RHEL 7 to use with CA XCOM, and when performing an incoming transfer we receive the message:
"XCOMU0287E Error setting remote user id: Verify login failed"


XCOM r11.6 for Linux, Red Hat v7


Support provided a working sample version of the xcomauth file that solved the problem.

auth required /opt/CA/XCOM/redistrib/pam_userpass/
auth required
auth sufficient use_first_pass
auth sufficient nullok use_first_pass
auth required

account required
account required broken_shadow
account sufficient
account sufficient uid < 500 quiet
account [default=bad success=ok user_unknown=ignore]
account required

Additional Information

CA XCOM DATA TRANSPORT FOR UNIX/LINUX 11.6.1> Reference > Operating Environment > Pluggable Authentication Modules (PAM) Based Authentication

NOTE: The above sample xcomauth file may or may not work in a specific environment. It is the responsibility of the Security Administrator to review and modify the security settings for the site-specific implementation.

To debug PAM problems:
1. Check the syslog for any useful messages
2. Debug the system-auth file and xcomauth file.

PAM modules are expected to send messages to syslog(3) under facility type authpriv and the following logging levels: 
- LOG_ERR - errors found by the module 
- LOG_DEBUG - debugging information 
- LOG_ALERT - corrupted or unusable configuration files 
- LOG_CRIT - shortage of resources 
- LOG_NOTICE - regular authentication failures 
Debugging information is enabled by passing the string 'debug' as the very first argument (right after the module name) in the PAM config file. For example:
auth required /opt/CA/XCOM/redistrib/pam_userpass/ debug
Expand the included entries from system-auth into xcomauth and add the debug parameter to each line (and adjust syslogd.conf so that the messages are saved). This should help explain why an authentication fails. Also check how these logging destinations are defined in syslogd.conf and whether meaningful messages are already being written there.
For further details please see Red Hat Knowledgebase article 1314883: Debugging PAM configuration (requires Red Hat Customer Portal Login)
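
The expansion step described above, as an added example that is not part of the original article or of CA or Red Hat code: a Python helper that inlines the 'include' lines of a PAM service file and places 'debug' directly after each module name. The function names, the sample file contents and the module names in them are constructed for illustration, and the files are assumed not to use backslash line continuations.

```python
import re
import tempfile
from pathlib import Path

# type, control (one word or a [bracketed list]), module, optional arguments
RULE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)(?:\s+(.*))?$")

def expand_with_debug(service, pam_dir, depth=0):
    """Return the rules of pam_dir/service with 'include' lines inlined and
    'debug' placed right after the module name of every rule."""
    if depth > 8:
        raise RecursionError(f"include nesting too deep at {service}")
    out = []
    for raw in Path(pam_dir, service).read_text().splitlines():
        line = raw.strip()
        m = RULE.match(line)
        if not m or m.group(2) == "substack":
            out.append(raw)  # blanks, comments and substack lines stay untouched
            continue
        ptype, control, module, args = m.groups()
        if control == "include":
            # 'module' names another service file; keep only its rules of this type
            out.append(f"# expanded from: {line}")
            for sub in expand_with_debug(module, pam_dir, depth + 1):
                s = RULE.match(sub.strip())
                if s and s.group(1).lstrip("-") == ptype.lstrip("-"):
                    out.append(sub)
            continue
        words = (args or "").split()
        if "debug" not in words:
            words.insert(0, "debug")  # first argument after the module name
        out.append(" ".join([ptype, control, module, *words]))
    return out

# Constructed sample files (not the xcomauth file supplied by Support).
SAMPLE = {
    "system-auth": "auth required pam_env.so\n"
                   "auth sufficient pam_unix.so nullok use_first_pass\n"
                   "account [default=bad success=ok user_unknown=ignore] pam_unix.so\n",
    "xcomauth": "# constructed example\n"
                "auth include system-auth\n"
                "account include system-auth\n",
}

def demo():
    with tempfile.TemporaryDirectory() as d:
        for name, text in SAMPLE.items():
            Path(d, name).write_text(text)
        return expand_with_debug("xcomauth", d)

if __name__ == "__main__":
    print("\n".join(demo()))
```

The returned lines can be compared against the live xcomauth file before it is replaced, and the debug arguments removed again once the failing module has been identified.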