#%PAM-1.0
auth		required	pam_listfile.so item=user sense=deny file=/etc/security/blacklist onerr=succeed
auth		required	pam_env.so
auth		required	pam_tally.so deny=0 file=/var/log/faillog onerr=succeed
auth		sufficient	pam_unix.so likeauth nullok shadow
auth		sufficient	pam_ldap.so use_first_pass

account		required	pam_tally.so file=/var/log/faillog onerr=succeed
account		required	pam_time.so
account		sufficient	pam_unix.so
account		sufficient	pam_ldap.so

# password	[success=1 ignore=reset abort=die default=bad]	pam_pwgen.so upper=1 digit=1
password	required	pam_cracklib.so try_first_pass difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password	sufficient	pam_unix.so nullok blowfish shadow use_authtok
password	sufficient	pam_ldap.so use_authok use_first_pass
password	required	pam_exec.so failok seteuid /usr/bin/make -C /var/db
# password	required	pam_exec.so failok seteuid /usr/bin/make -C /var/yp

session		optional	pam_keyinit.so revoke
session		required	pam_limits.so change_uid
session		[success=1 default=ignore]	pam_succeed_if.so service in crond quiet use_uid
session		required	pam_unix.so
session		required	pam_mkhomedir.so skel=/etc/skel/ umask=0066
session		optional	pam_ldap.so