Does not apply to 5.1 which has no pam.conf, just etc/pam.d/
though it has 
	crypto/heimdal/lib/auth/pam/pam.conf.add 
	crypto/kerberosIV/lib/auth/pam/pam.conf.add

no pam.conf in 4.11

*** 4.8-RELEASE/src/etc/pam.conf	Thu Dec 14 16:46:44 2000
--- jhs/src/etc/pam.conf	Thu Dec 14 16:47:12 2000
***************
*** 9,14 ****
--- 9,26 ----
  #
  # $FreeBSD: src/etc/pam.conf,v 1.6 2000/02/12 20:22:20 shin Exp $
  
+ # SERVICE  TYPE  CONTROL	MODULE-PATH			MODULE-ARGUMENTS
+ #  requisite:	failure of such a PAM results in the immediate termination
+ #	 	of the authentication process; 
+ #  required:	failure of such a PAM will ultimately lead to the PAM-API
+ #	 	returning failure but only after the remaining stacked modules
+ #	 	(for this service and type) have been invoked; 
+ #  sufficient:	success of such a module is enough to satisfy the authentication
+ #		requirements of the stack of modules (if a prior
+ #	 	required module has failed the success of this one is ignored); 
+ #  optional:	the success or failure of this module is only important if it is
+ #	 	the only module in the stack associated with this service+type.
+ 
  # If the user can authenticate with S/Key, that's sufficient; allow clear
  # password. Try kerberos, then try plain unix password.
  login	auth	sufficient	pam_skey.so