In the phase of testing and debugging, it is often useful to get some information about which modules are called, and what they are doing. Most modules support the debug
parameter. If the module is configured by a configuration file and not only by parameters in the PAM configuration files, it is highly possible that you can increase the amount of logging in the configuration file.
Most modules support the debug
parameter for enabling print out of debug messages. These messages are written to log files using syslog. An example of two PAM modules with enabled debugging is shown next.
auth required pam_unix.so nullok_secure debug auth optional pam_mount.so use_first_pass debug
The debug
parameter will enable basic logging, that is you will be able to see when a user tried to log in and which PAM modules were used in order to authenticate him or her.
Many modules can extend the logging. If it is possible, it is typically enabled in a module...