On Solaris, the following configuration is recommended. This turns on IPv6 and also turns on PreFetch for performance benefit.

./autogen.sh --prefix=/usr --sysconfdir=/etc/X11 --localstatedir=/var
   --libexecdir=/usr/lib --enable-ipv6=yes --with-at-bindir=/usr/sfw/bin
   --with-prefetch --with-post-path=/usr/openwin/bin

Configuring GDM with the "--with-post-path=/usr/openwin/bin" on Solaris is recommended for access to programs like Xnest.

GDM supports /etc/logindevperm, but only on Solaris 10 and higher. Refer to the logindevperm.4 man page for more information.

To make /etc/logindevperm functionality work on Solaris 9 or earlier you would have to hack the GDM PreSession and PostSession script to chmod the device permissions directly. In other words, if /etc/logindevperm had a listing like this:

/dev/console    0600    /dev/sound/*            # audio devices

The PreSession script would need to be modified to chown /dev/console to the user:group who is logging into the console and ensure whatever permissions is specified in /etc/logindevperm (0600 for the line above). Then in the PostSession script chmod the device back to root:root and ensure 0600 this time (do not use the value in the /etc/logindevperm file). Linux uses a different mechanism for managing device permissions, so this extra scripting is not needed.

Automatic login does not work on Solaris because PAM is not configured to support this feature by default. Automatic login is a GDM feature that is not enabled by default, so you would only notice this problem if you try to make use of it. Turning this feature on causes your computer to login to a specified username on startup without asking for username and password. This is an unsecure way to set up your computer.

If using Solaris 10 or lower, then you need to compile the pam_allow.c code provided with the GDM release and install it to /usr/lib/security (or provide the full path in /etc/pam.conf) and ensure it is owned by uid 0 and not group or world writable.

The following are reasonable pam.conf values for turning on automatic login in GDM. Make sure to read the PAM documentation (e.g. pam.d/pam.conf man page) and be comfortable with the security implications of any changes you intend to make to your configuration.

       gdm-autologin auth  required    pam_unix_cred.so.1
       gdm-autologin auth  sufficient  pam_allow.so.1
       gdm-autologin account  sufficient  pam_allow.so.1
       gdm-autologin session  sufficient  pam_allow.so.1
       gdm-autologin password  sufficient  pam_allow.so.1

The above setup will cause no lastlog entry to be generated. If a lastlog entry is desired, then use the following for session:

       gdm-autologin session required pam_unix_session.so.1

GDM supports a few features specific to Solaris, as follows:

GDM supports Solaris Auditing if running on Solaris 10 or higher. GDM should not be used if auditing is needed and running Solaris 9 or older.

GDM supports a security feature which causes the X server to run as the user instead of as the root user. GDM must be using PAM for this feature to be enabled, which is the normal case for Solaris. This second feature has the side-effect of causing the X server to always restart between sessions, which disables the AlwaysRestartServer configuration option.

Solaris supports the /etc/default/login interface, which affects the DefaultPath, RootPath, PasswordRequired, and AllowRemoteRoot options as described in the "Configuration" section.