If you can log into the instance through the VMware console, your pam is functional (good news).
You're on a RHEL clone so take a look at two log files, the first one is /var/log/secure, you want to grep it against an account name that's repeatedly failing.
Quote:
grep <username> /var/log/secure
|
If the login is being forwarded to the authentication authority, it'll register in secure and we'll see what it's saying.
Additionally, check /var/log/boot.log and dmesg for errors or warnings.
Whether you pass out the contents of /etc/shadow or not is entirely your call, and it should be based on the understanding that you may be revealing unique account names (which is half of what somebody needs to access your system), the other half is encrypted passwords so evaluate the risk accordingly.
What none of these experts will tell you is everybody already knows most of the account names in /etc/shadow because they are system accounts and always have the same name (like mysql).
Of course, some folks can't resist the urge to lecture.