Coy Hile writes:

> Does your pam_krb5 implmentation support this type of setup? The stock
> one that ships with Solaris does not.


Yup, it should prompt the user to change their password. It just makes
use of the support inside the Kerberos libraries for doing so, though, so
that may not work when built against the Solaris Kerberos libraries if
they don't include that support. I don't know; I don't use Solaris's
Kerberos implementation.

--
Russ Allbery (rra@stanford.edu)