PAM
A pluggable authentication module (PAM) is a mechanism to integrate multiple low-level authentication schemes into a high-level application programming interface (API). The PAM audit events include authorization, credentials, account management, password changes, open session, and multi-factor authentication.
PAM Audit Event Log Sample
The following is a sample of an audit event log for Centrify Audit Event ID 24100. This log sample documents PAM authentication being granted. The change was made by user=dwirth(type:ad,dwirth@acme.vms) on April 4 at 21:04:14.
Apr 4 21:04:14 engcen6 adclient[1749]: INFO AUDIT_
TRAIL|Centrify Suite|PAM|1.0|100|PAM authentication
granted|5|user=dwirth(type:ad,dwirth@acme.vms) pid=7458
utc=1459784054942 CentrifyEventID=24100
DAInst=AuditingInstallation DASessID=c72252aa-e616
-44ff-a5f6-d3f53f09bb67 status=GRANTED
service=sshd tty=ssh client=dc.acme.vms
PAM Audit Events
PAM Audit Events
| Event Id | Description | Parameters | |
|---|---|---|---|
| 24100-Deprecated | PAM authentication granted This event has been deprecated. Use Centrify Event Id 24102 introduced in release 2017.3 instead. | service: service tty: tty client: client | |
| 24101-Deprecated | PAM authentication denied This event has been deprecated. Use Centrify Event Id 24103 introduced in release 2017.3 instead. | service: service tty: tty client: client reason: error message | |
| 24102 | PAM authentication granted added in release 2017.3 | service: service tty: tty client: client MfaRequired: whether user was required to do MFA EntityName: Entity Name | |
| 24103 | PAM authentication denied added in release 2017.3 | service: service tty: tty client: client reason: error message MfaRequired: whether user was required to do MFA EntityName: Entity Name | |
| 24200 | PAM set credentials granted | service: service tty: tty client: client | |
| 24201 | PAM set credentials denied | service: service tty: tty client: client reason: error message | |
| 24300 | PAM account management granted | service: service tty: tty client: client | |
| 24301 | PAM account management denied | service: service tty: tty client: client reason: error message | |
| 24400 | PAM change password granted | service: service tty: tty client: client | |
| 24401 | PAM change password denied | service: service tty: tty client: client reason: error message | |
| 24500 | PAM open session granted | service: service tty: tty client: client | |
| 24501 | PAM open session denied | service: service tty: tty client: client reason: error message | |
| 24600 | PAM close session granted | service: service tty: tty client: client | |
| 24601 | PAM close session denied |
service: service tty: tty client: client reason: error message |
|
| 24700 | The user logins to the system in rescue mode added in release 18.11 | service: service tty: tty client: client | |
| 24800 | The dzo user authenticates to the system in rescue mode, added in Release 2023.1 | service: service tty: tty client: client |