startx もそうですが、sshd も、pam を使うようになったようです。/usr/src/etc/pam.conf を参考にして、/etc/pam.conf を修正します。真面目にやるなら、margemaster ですね。
/etc/pam.conf
# If the user can authenticate with S/Key, that's sufficient.
login auth sufficient pam_skey.so
# Check skey.access to make sure it is OK to let the user type in
# a cleartext password. If not, then fail right here.
login auth requisite pam_cleartext_pass_ok.so
# If you want KerberosIV authentication, uncomment the next line:
#login auth sufficient pam_kerberosIV.so try_first_pass
# Traditional getpwnam() authentication.
login auth required pam_unix.so try_first_pass
########### startx
xserver auth sufficient pam_permit.so
xserver account sufficient pam_permit.so
xim auth sufficient pam_permit.so
xim account sufficient pam_permit.so
xim session sufficient pam_permit.so
# OpenSSH with PAM support requires similar modules. The session one is
# a bit strange, though...
sshd auth sufficient pam_skey.so
#sshd auth sufficient pam_kerberosIV.so try_first_pass
sshd auth required pam_unix.so try_first_pass
sshd session required pam_permit.so