On Linux hosts running vasd, the cron job activity is logged in ‘/var/log/secure’ but should be logged in ‘/var/log/cron’.
When ‘/etc/pam.d/ password-auth’ is replaced with a file that does not contain pam_vas3 references then the cron job activity is logged in the correct location – ‘/var/log/cron’
This behaviour has been observed on RHEL 8.x and CentOS 7.x systems running SAS 4.1.x and 4.2.x.
This behaviour has not been observed on RHEL 6.x systems running SAS.
Currently there is no workaround or resolution for this issue.