diff --git a/irods/test/scripts/test002.bats b/irods/test/scripts/test002.bats
new file mode 100755
index 00000000..9f717bbc
--- /dev/null
+++ b/irods/test/scripts/test002.bats
@@ -0,0 +1,47 @@
+#!/usr/bin/env bats
+#
+# Test creation of .irodsA for iRODS native authentication using the free function,
+#    irods.client_init.write_pam_credentials_to_secrets_file
+
+. "$BATS_TEST_DIRNAME"/test_support_functions
+PYTHON=python3
+
+# Setup/prerequisites are same as for login_auth_test.
+# Run as ubuntu user with sudo; python_irodsclient must be installed (in either ~/.local or a virtualenv)
+#
+
+OLD_PAM_PASSWD="test123"
+NEW_PAM_PASSWD="new_pass"
+
+setup()
+{
+    setup_pam_login_for_alice "$OLD_PAM_PASSWD"
+}
+
+teardown()
+{
+    finalize_pam_login_for_alice
+    test_specific_cleanup
+}
+
+@test create_secrets_file {
+
+    # Old .irodsA is already created, so we delete it and alter the pam password.
+    sudo chpasswd <<<"alice:$NEW_PAM_PASSWD"
+    rm -f ~/.irods/.irodsA
+    $PYTHON -c "import irods.client_init; irods.client_init.write_pam_credentials_to_secrets_file('$NEW_PAM_PASSWD')"
+
+    # Define the core Python to be run, basically a minimal code block ensuring that we can authenticate to iRODS
+    # without an exception being raised.
+
+    local SCRIPT="
+import irods.test.helpers as h
+ses = h.make_session()
+ses.collections.get(h.home_collection(ses))
+print ('env_auth_scheme=%s' % ses.pool.account._original_authentication_scheme)
+"
+    OUTPUT=$($PYTHON -c "$SCRIPT")
+    # Assert passing value
+    [ $OUTPUT = "env_auth_scheme=pam_password" ]
+
+}
diff --git a/irods/test/scripts/test003.bats b/irods/test/scripts/test003.bats
new file mode 100755
index 00000000..4686755f
--- /dev/null
+++ b/irods/test/scripts/test003.bats
@@ -0,0 +1,38 @@
+#!/usr/bin/env bats
+#
+# Test creation of .irodsA for iRODS pam_password authentication using the free function,
+#    irods.client_init.write_native_credentials_to_secrets_file
+
+. "$BATS_TEST_DIRNAME"/test_support_functions
+PYTHON=python3
+
+# Setup/prerequisites are same as for login_auth_test.
+# Run as ubuntu user with sudo; python_irodsclient must be installed (in either ~/.local or a virtualenv)
+#
+
+@test create_irods_secrets_file {
+
+    rm -fr ~/.irods
+    mkdir ~/.irods
+    cat > ~/.irods/irods_environment.json <<-EOF
+	{ "irods_host":"$(hostname)",
+      "irods_port":1247,
+      "irods_user_name":"rods",
+      "irods_zone_name":"tempZone"
+    }
+	EOF
+    $PYTHON -c "import irods.client_init; irods.client_init.write_native_credentials_to_secrets_file('rods')"
+
+    # Define the core Python to be run, basically a minimal code block ensuring that we can authenticate to iRODS
+    # without an exception being raised.
+
+    local SCRIPT="
+import irods.test.helpers as h
+ses = h.make_session()
+ses.collections.get(h.home_collection(ses))
+print ('env_auth_scheme=%s' % ses.pool.account._original_authentication_scheme)
+"
+    OUTPUT=$($PYTHON -c "$SCRIPT")
+    # Assert passing value
+    [ $OUTPUT = "env_auth_scheme=native" ]
+}
diff --git a/irods/test/scripts/test012.bats b/irods/test/scripts/test012.bats
new file mode 100755
index 00000000..e0aa05f9
--- /dev/null
+++ b/irods/test/scripts/test012.bats
@@ -0,0 +1,71 @@
+#!/usr/bin/env bats
+#
+# Test creation of .irodsA for iRODS pam_password authentication, this time purely internal to the PRC
+# library code.
+
+. "$BATS_TEST_DIRNAME"/test_support_functions
+PYTHON=python3
+
+# Setup/prerequisites are same as for login_auth_test.
+# Run as ubuntu user with sudo; python_irodsclient must be installed (in either ~/.local or a virtualenv)
+#
+
+PASSWD=test123
+
+setup()
+{
+    export SKIP_IINIT_FOR_PASSWORD=1
+    setup_pam_login_for_alice $PASSWD
+    SKIP_IINIT_FOR_PASSWORD=""
+}
+
+teardown()
+{
+:
+# finalize_pam_login_for_alice
+# test_specific_cleanup
+}
+
+@test f001 {
+
+    AUTH_FILE=~/.irods/.irodsA
+
+    # Test assertion: No pre-existing authentication file.
+    ! [ -e $AUTH_FILE ]
+
+    local SCRIPT="
+import irods.test.helpers as h
+ses = h.make_session()
+ses.collections.get(h.home_collection(ses))
+print ('env_auth_scheme=%s' % ses.pool.account._original_authentication_scheme)
+"
+
+    # First invocation.  PRC will both authenticate with pam_password, and write the generated secrets to the auth file,
+    OUTPUT=$($PYTHON -c "import irods.client_configuration as cfg
+cfg.legacy_auth.pam.password_for_auto_renew = '$PASSWD'
+cfg.legacy_auth.pam.time_to_live_in_hours = 1
+cfg.legacy_auth.pam.store_password_to_environment = True
+$SCRIPT")
+
+    SECRETS_0=$(cat $AUTH_FILE)
+    STAT_0=$(stat -c%y $AUTH_FILE)
+
+    sleep 1.1
+
+    # Second invocation.  PRC will use previously generated secrets from the auth file generated in the first invocation.
+    OUTPUT=$($PYTHON -c "import irods.client_configuration as cfg
+#cfg.legacy_auth.pam.password_for_auto_renew = '$PASSWD'
+cfg.legacy_auth.pam.time_to_live_in_hours = 1
+cfg.legacy_auth.pam.store_password_to_environment = True
+$SCRIPT")
+
+    SECRETS_1=$(cat $AUTH_FILE)
+    STAT_1=$(stat -c%y $AUTH_FILE)
+
+    # Test assertion: authentication file is the same, before and after, with identical modification date and contents.
+    [ "$STAT_1" = "$STAT_0" ]
+    [ "$SECRETS_0" = "$SECRETS_1" ]
+
+    # Test assertion: authentication method is pam_password
+    [ $OUTPUT = "env_auth_scheme=pam_password" ]
+}