Sun Enterprise Authentication Mechanism 1.0.2 Guide

PAM Configuration File

The default PAM configuration file delivered in Solaris 9 release has entries to support acquiring initial credentials using the authentication module. Also, Kerberos password aging is supported using the account and password modules. For a complete description of the Solaris 9 implementation, see "SEAM Files" in System Administration Guide: Security Services and the pam_krb5(5) man page.

When SEAM 1.0.2 files are installed, the following entries are appended to the /etc/pam.conf file.

ktelnet         auth required  acceptor
krlogin         auth required  acceptor
krsh            auth required  acceptor

The acceptor option allows a properly authenticated and authorized remote user to login without having to type a password. Since the user has been authenticated before trying the remote applications, the user does not need to be authenticated again on the remote host. Please see the krb5_auth_rules(5) man page for more information about authorization.