SCO OpenServer Handbook
Chapter 6, Licensing and registering SCO products
LOGIN: ERROR- Failed to initialize policy manager

LOGIN: ERROR- Failed to initialize policy manager

If you see this message after logging in: 

   LOGIN: ERROR- Failed to initialize policy manager.(IFOR_PM_FATAL)
   Login session denied.
Either the policy manager daemon, /etc/ifor_pmd, has stopped and not restarted, or some crucial file required by the policy manager to satisfy the login request is missing or corrupted.

NOTE: You may be logged out and be unable to log in to troubleshoot the problem. Additional error messages may also appear. If so, simply turn the system off and reboot. If the error messages persist when the system is brought up, follow the procedures described here.

Here are possible specific sources of corruption or malfunction:



The /etc/ifor_pmd binary is corrupted or missing

The policy manager (/etc/ifor_pmd) must be present and running for your system to function. In the Software Manager, choose Software Verify Software and select Broken/missing symbolic links. This will check and possibly repair the link from /etc/ifor_pmd to the /opt/K/SCO hierarchy. You can also perform this operation on the policy manager package alone by making the following successive selections first:

SCO OpenServer Enterprise System
SCO OpenServer Enterprise System UNIX
SCO OpenServer Enterprise System Core OS
Base Operating System
Policy Manager

If the ifor_pmd binary is actually missing from the /opt/K/SCO directory tree, you can use the customextract(ADM) command to install a single file from the installation media. In the case of cdrom media and the cdrom device /dev/cd0, the command would be:

customextract -m /dev/cd0 /opt/K/SCO/Unix/*/pmd/ifor_pmd

After the restore is complete, you should use the Software Manager to verify the link in /etc. 

Key files or directories are missing

The directory /pmd and/or its contents, the named streams pipes IPCCT_pipe, PMDCT_pipe, LST_pipe, and the file ifor_pmd.pid, are corrupted or missing.

If /pmd exists, but any of its file contents do not, they may be restored by stopping and restarting /etc/ifor_pmd. In order to do this, perform these steps: 

  1. Enter the command:

    ps -ef | grep ifor_pmd | grep -v grep

    which should return two lines similar to this: 

       root 41     1  0   Aug-29       ?    00:00:00 /etc/ifor_pmd
   root 42    41  0   Aug-29       ?    00:00:04 /etc/ifor_pmd
    Any of the numbers shown may vary on your system, with the exception that one of the entries should have ``1'' in the third field (parent process ID). This is the ``parent'' copy of ifor_pmd, and the other entry is the ``child'', whose parent process ID should match the second field (process ID) of the parent entry.

  2. Kill the child ifor_pmd. In the example, the command would be:

    kill 42

  3. In a few moments, run the ps command again. You should observe that a new child ifor_pmd is running.

  4. Check the contents of /pmd. You should see four files: 

    IPCCT_pipe
    PMDCT_pipe
    LST_pipe
    ifor_pmd.pid



The root filesystem is mounted read-only

This has been identified as a common reason for policy manager-related failures. Of course, in this case, the policy manager errors would accompany many write failures to /dev/root, with corresponding error messages.

It is usually sufficient to check this by examining the file /etc/default/filesys for nondefault root filesystem settings, such as mountflags=-r, or mntopts="-o ro" If such settings are found, remove them. 

No user licenses exist, or there are no more licenses

First, determine how many users are already logged in to the system with the brand(ADM) command; see ``Displaying login licenses in use''. A user is defined as a distinct physical keyboard or a login over the network. If the system has run out of licenses to check out, the only way to avoid the error message is to add user licenses by purchasing an additional-user license product.

If the login user count has not been exceeded, it is possible that the license database itself has been corrupted. Follow the steps below to re-apply the user licenses on the system. This procedure assumes that user licenses are supplied only through the SCO OpenServer Enterprise System Certificate of License and Authenticity. If you have already licensed additional users with a separate user-license product, apply the procedure to that product first.

  1. Tell all users to log off the system.

  2. When all users are logged off, invoke the License Manager, select SCO OpenServer Enterprise System, and choose License Remove License to remove the SCO OpenServer Enterprise System license.

  3. Re-license and register the SCO OpenServer Enterprise System, choosing the appropriate options in the License Manager.

  4. Run the grep command discussed in ``Key files or directories are missing'' to check whether the policy manager daemon is running. If two instances of the /etc/ifor_pmd process are not running, issue this command to restart the policy manager:

    /etc/ifor_pmd

    Repeat the grep command to verify that two instances of ifor_pmd are running.

  5. Tell users to log back in to the system.


The system has run out of STREAMS resources

Issue the command:

netstat -m

Note the first line of the output (streams): 

streams allocation:
                     config   alloc    free   total     max    fail
streams                 292     110     182  337172     126       0
.
.
.
If the streams line shows a fail greater than zero, then run the Hardware/Kernel Manager or the configure(ADM) command and increase the NSTREAM kernel parameter. See ``Tuning STREAMS usage'' in the Performance Guide for more information.