To enable PAM in dtlogin and /bin/login under SunOS 5.6 apply this patch: --- /etc/pam.conf.DIST Mon Jul 20 15:37:46 1998 +++ /etc/pam.conf Tue Nov 30 18:47:22 1999 @@ -4,12 +4,14 @@ # # Authentication management # +login auth sufficient /usr/athena/lib/pam_krb4.so login auth required /usr/lib/security/pam_unix.so.1 login auth required /usr/lib/security/pam_dial_auth.so.1 # rlogin auth sufficient /usr/lib/security/pam_rhosts_auth.so.1 rlogin auth required /usr/lib/security/pam_unix.so.1 # +dtlogin auth sufficient /usr/athena/lib/pam_krb4.so dtlogin auth required /usr/lib/security/pam_unix.so.1 # rsh auth required /usr/lib/security/pam_rhosts_auth.so.1 @@ -24,6 +26,8 @@ # # Session management # +dtlogin session required /usr/athena/lib/pam_krb4.so +login session required /usr/athena/lib/pam_krb4.so other session required /usr/lib/security/pam_unix.so.1 # # Password management --------------------------------------------------------------------------- To enable PAM in /bin/login and xdm under Red Hat 6.1 apply these patches: --- /etc/pam.d/login~ Thu Jul 8 00:14:02 1999 +++ /etc/pam.d/login Mon Aug 30 14:33:12 1999 @@ -1,9 +1,12 @@ #%PAM-1.0 +# Updated to work with kerberos +auth sufficient /lib/security/pam_krb4.so auth required /lib/security/pam_securetty.so auth required /lib/security/pam_pwdb.so shadow nullok auth required /lib/security/pam_nologin.so account required /lib/security/pam_pwdb.so password required /lib/security/pam_cracklib.so password required /lib/security/pam_pwdb.so nullok use_authtok shadow +session required /lib/security/pam_krb4.so session required /lib/security/pam_pwdb.so session optional /lib/security/pam_console.so --- /etc/pam.d/xdm~ Mon Jun 14 17:39:05 1999 +++ /etc/pam.d/xdm Mon Aug 30 14:54:51 1999 @@ -1,8 +1,10 @@ #%PAM-1.0 +auth sufficient /lib/security/pam_krb4.so auth required /lib/security/pam_pwdb.so shadow nullok auth required /lib/security/pam_nologin.so account required /lib/security/pam_pwdb.so password required /lib/security/pam_cracklib.so password required /lib/security/pam_pwdb.so shadow nullok use_authtok +session required /lib/security/pam_krb4.so session required /lib/security/pam_pwdb.so session optional /lib/security/pam_console.so -------------------------------------------------------------------------- This stuff may work under some other system. # To get this to work, you will have to add entries to /etc/pam.conf # # To make login kerberos-aware, you might change pam.conf to look # like: # login authorization login auth sufficient /lib/security/pam_krb4.so login auth required /lib/security/pam_securetty.so login auth required /lib/security/pam_unix_auth.so login account required /lib/security/pam_unix_acct.so login password required /lib/security/pam_unix_passwd.so login session required /lib/security/pam_krb4.so login session required /lib/security/pam_unix_session.so