#%PAM-1.0
-auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/security/blacklist onerr=succeed
-auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/security/blacklist.ftp onerr=succeed
-auth required /lib/security/pam_unix.so
-auth required /lib/security/pam_tally.so file=/var/log/faillog onerr=succeed no_magic_root
-auth required /lib/security/pam_shells.so
-auth required /lib/security/pam_nologin.so
-account required /lib/security/pam_tally.so deny=0 file=/var/log/faillog onerr=succeed no_magic_root
-account required /lib/security/pam_access.so
-account required /lib/security/pam_unix.so
-session required /lib/security/pam_unix.so
+auth required pam_listfile.so item=user sense=deny file=/etc/ftpd/ftpusers onerr=succeed
+auth required pam_listfile.so item=user sense=deny file=/etc/security/blacklist.ftp onerr=succeed
+#auth required pam_shells.so
+auth include system-auth
+# above line in chroot()ed environment (when using DefaultRoot) causes:
+# pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
+# pam_tally(ftp:setcred): pam_get_uid; no such user
+# only with pam_unix in session component
+account required pam_nologin.so
+account include system-auth
+session required pam_limits.so
+session required pam_unix.so
+# on logout: PAM audit_log_acct_message() failed: Operation not permitted