hi all,
We have 40+ Linux systems 6 of which are SLES.
We have AD authentication with kerberos on to all this servers.
As the client configuration is only a copy paste, I could complete authentication by SCPing all 3 files

scp xx.yy.zz.aaa:/etc/krb5.conf /etc/krb5.conf;
scp xx.yy.zz.aaa:/etc/pam.d/system-auth /etc/pam.d/system-auth

This went well in all 34 RHEL boxes, however was a great failure in SLES1164 boxes.

Any quick clues to make this work. When a user tried to login, I striaght away see sshd/pam related errors only in /var/log/messages file.

/etc/pam.d/sshd, /etc/pam.d/common-auth file are what I suspect. as this is a new release I am unable to find much info.

Whenever you authenticate through a PAM-enabled service, PAM will look for authentication rules in /etc/pam.d/<servicename>. These files may include other files using the include directive.

RHEL, Fedora and a few other distributions include a file called "system-auth", which contains common authentication rules. That way, you can change the authentication rules for several (or even all) services by modifying a single file. Note that PAM never calls "system-auth" by itself; it has to be manually called/included from the other files.

I've never seen "common-auth", but my guess is it does the same thing. A quick look at the other files (like /etc/pam.d/login or /etc/pam.d/sshd) should tell you if that's correct.