Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-9204: DZDO failing with pam_open_session: module is unknown

Authentication Service ,  

26 September,17 at 07:27 PM


DZDO is failing on RHEL after Centrify DirectControl upgrade from an older version to 5.4.x with error "pam_open_session: module is unknown"


DZDO PAM stack has deprecated module


In this scenario, the PAM stack, in the older version of Centrify DirectControl, had this format which included the deprecated '' module. It is unclear how this configuration was set, either by client configuration or remnants of a previous version's setup.

auth required service=system-auth
account required service=system-auth
password required service=system-auth
      session required

That module needs to be removed and a PAM stack similar to the one below has to be implemented:

      auth include system-auth
      account include system-auth
      password include system-auth
      session required

DZDO settings have changed from older versions to newer versions, and using a deprecated PAM module can cause unexpected behavior.

Additional NON-Centrify references provided for your information:


Centrify Corporation does not take any responsibility for the content or availability of this link and it was provided as a courtesy.  Customers should contact the vendor if there are any further questions.