This Solaris 10 release introduces changes in pam_ldap functionality. When you upgrade to the current release, pam_ldap configurations in your existing pam.conf configuration file are not updated to reflect these changes. If pam_ldap configuration is detected, the CLEANUP file that is generated at the end of the upgrade contains the following notification:
/etc/pam.conf please examine/update the pam_ldap configuration because its functionality has changed, refer to pam_ldap(5) documentation for more information
Workaround: After the upgrade, examine /etc/pam.conf. If necessary, modify this file manually to be compatible with the new functionalities of pam_ldap. The modifications involve password prompting such as the use_first_pass and try_first_pass options as well as password updates. For more information about updating pam.conf, refer to the pam_ldap(5) man page and documentation.