To enable PAM in dtlogin and /bin/login under SunOS 5.6 apply this patch: --- /etc/pam.conf.DIST Mon Jul 20 15:37:46 1998 +++ /etc/pam.conf Tue Feb 15 19:39:12 2000 @@ -4,15 +4,19 @@ # # Authentication management # +login auth sufficient /usr/athena/lib/pam_krb4.so login auth required /usr/lib/security/pam_unix.so.1 login auth required /usr/lib/security/pam_dial_auth.so.1 # rlogin auth sufficient /usr/lib/security/pam_rhosts_auth.so.1 rlogin auth required /usr/lib/security/pam_unix.so.1 # +dtlogin auth sufficient /usr/athena/lib/pam_krb4.so dtlogin auth required /usr/lib/security/pam_unix.so.1 # rsh auth required /usr/lib/security/pam_rhosts_auth.so.1 +# Reafslog is for dtlogin lock display +other auth sufficient /usr/athena/lib/pam_krb4.so reafslog other auth required /usr/lib/security/pam_unix.so.1 # # Account management @@ -24,6 +28,8 @@ # # Session management # +dtlogin session required /usr/athena/lib/pam_krb4.so +login session required /usr/athena/lib/pam_krb4.so other session required /usr/lib/security/pam_unix.so.1 # # Password management --------------------------------------------------------------------------- To enable PAM in /bin/login and xdm under Red Hat 6.? apply these patches: --- /etc/pam.d/login~ Tue Dec 7 12:01:35 1999 +++ /etc/pam.d/login Wed May 31 16:27:55 2000 @@ -1,9 +1,12 @@ #%PAM-1.0 +# Updated to work with kerberos +auth sufficient /usr/athena/lib/pam_krb4.so.1.0.1 auth required /lib/security/pam_securetty.so auth required /lib/security/pam_pwdb.so shadow nullok auth required /lib/security/pam_nologin.so account required /lib/security/pam_pwdb.so password required /lib/security/pam_cracklib.so password required /lib/security/pam_pwdb.so nullok use_authtok md5 shadow +session required /usr/athena/lib/pam_krb4.so.1.0.1 session required /lib/security/pam_pwdb.so session optional /lib/security/pam_console.so --- /etc/pam.d/xdm~ Wed May 31 16:33:54 2000 +++ /etc/pam.d/xdm Wed May 31 16:28:29 2000 @@ -1,8 +1,11 @@ #%PAM-1.0 +# Updated to work with kerberos +auth sufficient /usr/athena/lib/pam_krb4.so.1.0.1 auth required /lib/security/pam_pwdb.so shadow nullok auth required /lib/security/pam_nologin.so account required /lib/security/pam_pwdb.so password required /lib/security/pam_cracklib.so password required /lib/security/pam_pwdb.so shadow nullok use_authtok +session required /usr/athena/lib/pam_krb4.so.1.0.1 session required /lib/security/pam_pwdb.so session optional /lib/security/pam_console.so --- /etc/pam.d/gdm~ Wed May 31 16:33:54 2000 +++ /etc/pam.d/gdm Wed May 31 16:34:28 2000 @@ -1,8 +1,11 @@ #%PAM-1.0 +# Updated to work with kerberos +auth sufficient /usr/athena/lib/pam_krb4.so.1.0.1 auth required /lib/security/pam_pwdb.so shadow nullok auth required /lib/security/pam_nologin.so account required /lib/security/pam_pwdb.so password required /lib/security/pam_cracklib.so password required /lib/security/pam_pwdb.so shadow nullok use_authtok +session required /usr/athena/lib/pam_krb4.so.1.0.1 session required /lib/security/pam_pwdb.so session optional /lib/security/pam_console.so -------------------------------------------------------------------------- This stuff may work under some other system. # To get this to work, you will have to add entries to /etc/pam.conf # # To make login kerberos-aware, you might change pam.conf to look # like: # login authorization login auth sufficient /lib/security/pam_krb4.so login auth required /lib/security/pam_securetty.so login auth required /lib/security/pam_unix_auth.so login account required /lib/security/pam_unix_acct.so login password required /lib/security/pam_unix_passwd.so login session required /lib/security/pam_krb4.so login session required /lib/security/pam_unix_session.so