you know that information was removed for YOUR protection

so
why did you necro post to this 5 month old post ?

you NEVER ask people for that and you NEVER give it out

unless it is the REAL help desk asking you
but they would not ask

they already have it



from the output of the now 5 month out of date and old xorg log
the hardware changed

so i am guessing that this clone is not running on the EXACT SAME hardware
on the same VM

If you can log into the instance through the VMware console, your pam is functional (good news).
You're on a RHEL clone so take a look at two log files, the first one is /var/log/secure, you want to grep it against an account name that's repeatedly failing.

If the login is being forwarded to the authentication authority, it'll register in secure and we'll see what it's saying.
Additionally, check /var/log/boot.log and dmesg for errors or warnings.

Whether you pass out the contents of /etc/shadow or not is entirely your call, and it should be based on the understanding that you may be revealing unique account names (which is half of what somebody needs to access your system), the other half is encrypted passwords so evaluate the risk accordingly.
What none of these experts will tell you is everybody already knows most of the account names in /etc/shadow because they are system accounts and always have the same name (like mysql).

Of course, some folks can't resist the urge to lecture.