The following is the /etc/pam.d/ssh on my home computer.
#%PAM-1.0
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_unix_auth.so try_first_pass
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix_acct.so
password required /lib/security/pam_cracklib.so
password sufficient /lib/security/pam_ldap.so
password required /lib/security/pam_pwdb.so use_first_pass
session required /lib/security/pam_unix_session.so
Here is a relevant section of my /etc/pam.conf on a Sun running Solaris 8.
The only real difference is that the first field in /etc/pam.conf is the
service name, and all fields _must_ be delineated by a tab.
sshd auth optional /usr/lib/security/pam_unix.so.1
sshd auth optional /usr/lib/security/pam_dial_auth.so.1
sshd auth required /usr/lib/security/pam_ldap.so.1
sshd account optional /usr/lib/security/pam_unix.so.1
sshd account required /usr/lib/security/pam_ldap.so.1
sshd account optional /usr/lib/security/pam_unix.so.1
sshd account required /usr/lib/security/pam_ldap.so.1
sshd password sufficient /usr/lib/security/pam_unix.so.1
sshd session sufficient /usr/lib/security/pam_unix.so.1
Ashton Trey Belew
Last modified: Thu Mar 21 09:35:34 EST 2002