One of the ways to monitor a group of enterprise (OS) users with PAM is to define an enterprise group for the OS group they belong to. For instance, if I have users abc, def and xyj belonging to OS group staff, in selang it would be possible to create an enterprise group staff with audit flags
nxg staff owner(root) audit(all, interactive)
When one of this users logs in, PAM will recognize it as an OS user and since it belongs to XGROUP staff, it will be monitored with KBL, since interactive is specified.
Sometimes, tough, this does not work. The user logs in, but nothing is actually recorded in the KBL audit
Why can't I see any recorded KBL sessions for my user even if it belongs to a group for which KBL audit is enabled in PAM SC ?
PIM and PAM SC all versions
The present document explains this use case for UNIX/Linux, but likewise a Windows PAM SC/PIM environment will have the same behaviour and the settings will have to be modified in the Windows registry under the PAM SC keys.