Could someone please give me some background and a brief
roadmap of the various available implementations of
pam_krb5 for Solaris 10 Sparc? I am a little confused
about who owns what source code and, more generally, how
pam_krb5 fits, as a product, into the Kerberos world and
whether it's even appropriate to phrase the question that
way.

My primary interest for now is authenticating the Unix
users on an MS Active Directory 2003 domain, via Kerberos.
The service that needs to do this authentication isn't
kerberized but it is PAM enabled. It doesn't support
password change.

>From what I have read on the Web, I beleive the Solaris 10

native (SEAM) pam_krb5.so.1 should be up to the task, but
so far, I've not hit on the right configuration to make it
work. However, on the same Sun machine with the same
krb5.conf and krb5.keytab, I *do* have success with the
Sparc binary of Red Hat pam_krb5.so that I downloaded
from the Certified Security Solutions website. That
binary works just fine right out of the box, so to speak.

This makes me wonder what other people are doing for
Solaris 10 and AD, and what is considered best practice.
Any tips?

By the way, my SEAM pam_krb5 says that it can't find the
keytab entry. I assume this means the "host" entry that
I *do* have in /etc/krb5/krb5.keytab and, just to be sure,
duplicated exactly in /etc/krb5.keytab. The downloaded
pam_krb5 has no such trouble.

Thanks in advance!