#%PAM-1.0
auth		required	pam_listfile.so item=user sense=deny file=/etc/security/blacklist onerr=succeed
auth		required	pam_env.so
auth		required	pam_unix.so try_first_pass

account		required	pam_time.so
account		required	pam_unix.so

#password	[success=1 ignore=reset abort=die default=bad]	pam_pwgen.so upper=1 digit=1
password	required	pam_pwquality.so difok=2 minlen=13 dcredit=2 ocredit=2 retry=3
password	required	pam_unix.so try_first_pass yescrypt shadow use_authtok
#password	required	pam_exec.so failok seteuid /usr/bin/make -C /var/db
#password	required	pam_exec.so failok seteuid /usr/bin/make -C /var/yp

session		required	pam_env.so
session		optional	pam_keyinit.so revoke
session		required	pam_limits.so
-session	optional	pam_systemd.so
-session	optional	pam_elogind.so
session		[success=1 default=ignore]	pam_succeed_if.so service in crond quiet use_uid
session		required	pam_unix.so
