Import sfw build 147
Bugs Fixed
----------
4876883 TrueTime Clock driver support in xntpd fails in year 2032
6641606 Samba 3.0.x should support StartTLS or LDAPS for LDAP access.
6647164 net ads keytab add host fails to create keytab entry
6688158 winbindd: Exceeding 200 client connections, no idle connection found (Bugzilla Bug 3204)
6706912 SWAT component of Samba should be a separate package.
6725643 SUNWsmbar seems to include unused i.services
6749477 Samba source code software should include libsunwrap.a file
6770655 Samba: Bugzilla 5655 "Mac OS X 10.5.4 clients fail to authenticate with Kerberos credententials"
6785625 samba module nss_winbind.so.1 is required as 64 bit version
6852659 Update samba to 3.3.5 or later
6891889 Write keytab to file method is missing in krb5_keytab
6892860 Samba needs Directory Server 6 C-SDK
6949937 BIND validating resolver searches very aggressively for a match for its trust anchor.
6951320 NTP Bug320: restrict default ignore not working with ipv6
6952924 dig(1M) and nslookup(1M) crash in libisc:isc_socket_detach()
6954726 Update samba to 3.5.4
6955224 BIND named dns_db_getnsec3parameters() fails to assert dns_db_iszone(db) == ISC_TRUE
6969855 If autokey is set up with two copies of the same key, ntpd segfaults.
6969858 Missing refclock causes ntpd to exit without logging a reason.
6969878 Upgrade NTP to version ntp-dev 4.2.5p200
6971713 BIND 9.6.1 Makefile.sfw issues
6975270 libtspi does not link with correct _init and _fini sections
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#ident "@(#)pam.conf-winbind 1.1 07/02/20 SMI"
#
# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# PAM configuration
#
# Unless explicitly defined, all services use the modules
# defined in the "other" section.
#
# Modules are defined with relative pathnames, i.e., they are
# relative to /usr/lib/security/$ISA. Absolute path names, as
# present in this file in previous releases are still acceptable.
#
# Authentication management
#
# login service (explicit because of pam_dial_auth)
#
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_cred.so.1
login auth required pam_unix_auth.so.1
login auth required pam_dial_auth.so.1
#
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth required pam_unix_cred.so.1
rlogin auth required pam_unix_auth.so.1
#
# Kerberized rlogin service
#
krlogin auth required pam_unix_cred.so.1
krlogin auth binding pam_krb5.so.1
krlogin auth required pam_unix_auth.so.1
#
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
#
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix_cred.so.1
#
# Kerberized rsh service
#
krsh auth required pam_unix_cred.so.1
krsh auth binding pam_krb5.so.1
krsh auth required pam_unix_auth.so.1
#
# Kerberized telnet service
#
ktelnet auth required pam_unix_cred.so.1
ktelnet auth binding pam_krb5.so.1
ktelnet auth required pam_unix_auth.so.1
#
# PPP service (explicit because of pam_dial_auth)
#
ppp auth requisite pam_authtok_get.so.1
ppp auth required pam_dhkeys.so.1
ppp auth required pam_unix_cred.so.1
ppp auth required pam_unix_auth.so.1
ppp auth required pam_dial_auth.so.1
#
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
#
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_cred.so.1
other auth required pam_unix_auth.so.1
#
# passwd command (explicit because of a different authentication module)
#
passwd auth required pam_passwd_auth.so.1
#
# cron service (explicit because of non-usage of pam_roles.so.1)
#
cron account required pam_unix_account.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#
other account requisite pam_roles.so.1
other account sufficient pam_unix_account.so.1
other account required pam_winbind.so
#
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
#
other session required pam_unix_session.so.1
#
# Default definition for Password management
# Used when service name is not explicitly mentioned for password management
#
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_winbind.so
other password required pam_authtok_store.so.1
#
# Support for Kerberos V5 authentication and example configurations can
# be found in the pam_krb5(5) man page under the "EXAMPLES" section.
#