Transitioning From Oracle® Solaris 10 to Oracle Solaris 11.2

Updated: December 2014
 
 

Pluggable Authentication Module Changes

    The following Pluggable Authentication Module (PAM) changes are introduced:

  • Module to enable per-user PAM stacks – Enables you to configure the PAM authentication policy on a per-user basis, when used in conjunction with the new pam_policy key (user_attr(4)). The default pam.conf file has also been updated to enable you to use this feature by specifying the pam_policy in a user's extended attributes or in a profile that is assigned to a user, as shown in this example:

    # usermod -K pam_policy=krb5_only username

    See pam_user_policy(5).

  • PAM configuration in /etc/pam.d – Adds support for configuring PAM by using per-service files. As a result, the contents of the /etc/pam.conf file have been migrated to multiple files within the /etc/pam.d/ directory, based on the relevant PAM service name. This mechanism is the correct method for configuring PAM in Oracle Solaris and is the default method that is used for all new installations. The /etc/pam.conf file is still consulted, so any existing or new changes that are made to this file continue to be recognized.

    If you have never edited the /etc/pam.conf file, the file contains only comments that direct you to the per-service equivalents in the /etc/pam.d/ directory. If you previously edited the /etc/pam.conf file, for example, to enable LDAP or Kerberos, a new file named /etc/pam.conf.new is delivered with the changes that you made. See pam.conf(4).

  • definitive flag added to pam.conf – The pam.conf file includes the definitive control_flag in this release. See pam.conf(4).
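
An added example (not from the Oracle documentation) for the /etc/pam.d item above: because /etc/pam.conf is still consulted, this shell function lists the services that still have active entries in a pam.conf-format file and marks those that also have a per-service file. The function names and the LEGACY/BOTH labels are assumptions of this example; the paths default to the locations named on this page.

```sh
#!/bin/sh
# Added example: audit leftover entries in a legacy pam.conf-format file.
# Usage: pam_audit [pam.conf-path] [pam.d-directory]
# The function names and output labels are assumptions of this example.

# Print the unique service names that have active (non-comment) entries.
# In pam.conf format the service name is the first field of each entry.
pam_legacy_services() {
    awk 'NF == 0 || $1 ~ /^#/ { next } { print $1 }' "$1" | sort -u
}

# Report each service still configured in the legacy file:
#   LEGACY svc  - entries exist only in the pam.conf-format file
#   BOTH   svc  - entries exist there and a per-service file also exists
# Returns 0 if the legacy file holds only comments, 1 if it holds active
# entries, 2 if it cannot be read.
pam_audit() {
    conf=${1:-/etc/pam.conf}
    dir=${2:-/etc/pam.d}
    if [ ! -r "$conf" ]; then
        echo "cannot read $conf" >&2
        return 2
    fi
    found=0
    for svc in $(pam_legacy_services "$conf"); do
        if [ -f "$dir/$svc" ]; then
            echo "BOTH   $svc"
        else
            echo "LEGACY $svc"
        fi
        found=1
    done
    return $found
}
```

A service reported as BOTH is defined in two places; see pam.conf(4) for how the two sources are combined before changing either one.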