#%PAM-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/security/blacklist onerr=succeed
auth required pam_env.so
-auth required pam_unix.so try_first_pass
auth required pam_tally.so deny=0 file=/var/log/faillog onerr=succeed
-auth required pam_nologin.so
+auth required pam_unix.so try_first_pass
account required pam_tally.so file=/var/log/faillog onerr=succeed
account required pam_unix.so
+# password [success=1 ignore=reset abort=die default=bad] pam_pwgen.so upper=1 digit=1
password required pam_cracklib.so try_first_pass difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password required pam_unix.so try_first_pass blowfish shadow use_authtok
+# password required pam_exec.so failok seteuid /usr/bin/make -C /var/db
session optional pam_keyinit.so revoke
-session required pam_env.so
session required pam_limits.so change_uid
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so