The above sample xcomauth file may or may not work in your environment. It is the responsibility of the Security Admin of your system to review and modify the security for your sites specifications.
To Debug the xcomauth file:
1. Check the syslog for any useful messages
2. Debug the system-auth file and xcomauth file.
PAM modules are expected to send messages to syslog(3) under facility type authpriv and the following logging levels:
- LOG_ERR - errors found by the module
- LOG_DEBUG - debugging information
- LOG_ALERT - corrupted or unusable configuration files
- LOG_CRIT - shortage of resources
- LOG_NOTICE - regular authentication failures
The debugging information is enabled by passing string 'debug' as the very first argument (right after the module name) in the PAM config file. For example: auth required /lib64/security/pam_userpass.so debug
Expand the included entries from system-auth into xcomauth and plant the debug parameter into each line (and adjust syslogd.conf so that the messages are saved). This will hopefully explain why the authentication fails.
Also check how these logging destinations are defined in syslogd.conf and see whether there are meaningful messages there.