PAM

A pluggable authentication module (PAM) is a mechanism to integrate multiple low-level authentication schemes into a high-level application programming interface (API). The PAM audit events include authorization, credentials, account management, password changes, open session, and multi-factor authentication.

PAM Audit Event Log Sample

The following is a sample of an audit event log for Centrify Audit Event ID 24100. This log sample documents PAM authentication being granted. The change was made by user=dwirth(type:ad,dwirth@acme.vms) on April 4 at 21:04:14.

Apr 4 21:04:14 engcen6 adclient[1749]: INFO AUDIT_ 
TRAIL|Centrify Suite|PAM|1.0|100|PAM authentication 
granted|5|user=dwirth(type:ad,dwirth@acme.vms) pid=7458 
utc=1459784054942 CentrifyEventID=24100 
DAInst=AuditingInstallation DASessID=c72252aa-e616 
-44ff-a5f6-d3f53f09bb67 status=GRANTED 
service=sshd tty=ssh client=dc.acme.vms

PAM Audit Events

PAM Audit Events

Event Id Description Parameters
24100-Deprecated PAM authentication granted This event has been deprecated. Use Centrify Event Id 24102 introduced in release 2017.3 instead. service: service tty: tty client: client
24101-Deprecated PAM authentication denied This event has been deprecated. Use Centrify Event Id 24103 introduced in release 2017.3 instead. service: service tty: tty client: client reason: error message
24102 PAM authentication granted added in release 2017.3 service: service tty: tty client: client MfaRequired: whether user was required to do MFA EntityName: Entity Name
24103 PAM authentication denied added in release 2017.3 service: service tty: tty client: client reason: error message MfaRequired: whether user was required to do MFA EntityName: Entity Name
24200 PAM set credentials granted service: service tty: tty client: client
24201 PAM set credentials denied service: service tty: tty client: client reason: error message
24300 PAM account management granted service: service tty: tty client: client
24301 PAM account management denied service: service tty: tty client: client reason: error message
24400 PAM change password granted service: service tty: tty client: client
24401 PAM change password denied service: service tty: tty client: client reason: error message
24500 PAM open session granted service: service tty: tty client: client
24501 PAM open session denied service: service tty: tty client: client reason: error message
24600 PAM close session granted service: service tty: tty client: client
24601 PAM close session denied

service: service tty: tty client: client reason: error message

24700 The user logins to the system in rescue mode added in release 18.11 service: service tty: tty client: client
24800 The dzo user authenticates to the system in rescue mode, added in Release 2023.1 service: service tty: tty client: client