PIM (EP) r12.8 SP1: cannot log in after uninstalling PIM

Document ID : KB000119901
Last Modified Date : 22/11/2018
Issue:
A customer uninstalled PIM from the system.
After the uninstall, no user could log in to the system, either remotely or through the VM console.
 
Environment:
This problem was first reported on:
OS: RHEL 71
Prod: CA Privileged Identity Manager r12.8 SP1 for Endpoint.

However, it may occur with all versions of PIM / PAMSC on all Linux systems.
 
Cause:
During installation, the PIM installer adds a pam_seos.so entry after the pam_unix.so entry.
If that entry has an index jump rule such as "success=x", the PIM installer increments the count.
The PIM uninstaller removes the pam_seos.so entry from the configuration file,
but it does not decrement the index number after "success=".
As a result, the PAM rule cannot jump to the correct line.
 
Resolution:
As a workaround, the customer should decrease the number after success= in the pam_unix.so entry.

Here is an example:
Before installing PIM:
  auth [success=3 default=ignore] pam_unix.so nullok try_first_pass

After installing PIM:
  auth [success=4 default=ignore] pam_unix.so nullok try_first_pass

After uninstalling PIM:
  auth [success=4 default=ignore] pam_unix.so nullok try_first_pass
  It should be set as follows:
  auth [success=3 default=ignore] pam_unix.so nullok try_first_pass
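
An added example (not CA's code and not part of the original article): a small Python check that reports where each success=N rule in a PAM file lands, so a stale count left behind by the uninstall can be spotted while a root session is still open. The sample stack and the pam_example_*.so module names are constructed, and the check assumes an /etc/pam.d-style file with no include or substack lines.

```python
import re

# Constructed sample of an /etc/pam.d-style file after the uninstall described
# above: the pam_seos.so line is gone but success= is still 4. pam_example_a.so
# and pam_example_b.so are placeholder module names.
SAMPLE = """\
#%PAM-1.0
auth required pam_env.so
auth [success=4 default=ignore] pam_unix.so nullok try_first_pass
auth [success=2 default=ignore] pam_example_a.so
auth [success=1 default=ignore] pam_example_b.so
auth requisite pam_deny.so
auth required pam_permit.so
account required pam_unix.so
"""

JUMP = re.compile(r"\[[^\]]*\bsuccess=(\d+)[^\]]*\]")


def stacks(text):
    """Group module lines by management type (auth, account, ...)."""
    groups = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if line:
            mtype = line.split()[0].lstrip("-")  # "-auth" belongs to the auth stack
            groups.setdefault(mtype, []).append((lineno, line))
    return groups


def audit_jumps(text):
    """Return (lineno, n, remaining, target) for every success=N rule.

    target is the line that runs after N modules are skipped, or None when
    the jump skips every remaining module in the stack (or more).
    """
    findings = []
    for entries in stacks(text).values():
        for i, (lineno, line) in enumerate(entries):
            m = JUMP.search(line)
            if m:
                n = int(m.group(1))
                remaining = len(entries) - i - 1
                target = entries[i + n + 1][1] if n < remaining else None
                findings.append((lineno, n, remaining, target))
    return findings


if __name__ == "__main__":
    for lineno, n, remaining, target in audit_jumps(SAMPLE):
        print(f"line {lineno}: success={n}, {remaining} follow -> {target or 'NO TARGET'}")
```

On the constructed sample the pam_unix.so rule is reported with no target; with success=3 it lands on the pam_permit.so line again.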


This problem is fixed by testfix T5C1155.
Please contact the support team about this testfix.