# Disallows root logins except on tty's listed in /etc/securetty
# (Replaces the `CONSOLE' setting from login.defs)
auth       requisite  pam_securetty.so

# Disallows other than root logins when /etc/nologin exists
# (Replaces the `NOLOGINS_FILE' option from login.defs)
auth       required   pam_nologin.so

# This module parses /etc/environment (the standard for setting
# environ vars) and also allows you to use an extended config
# file /etc/security/pam_env.conf.
# (Replaces the `ENVIRON_FILE' setting from login.defs)
auth       required   pam_env.so

# Standard Un*x authentication
auth       sufficient pam_unix.so
auth       sufficient pam_opie.so
auth       required   pam_deny.so

# Standard Un*x account and session
account    required   pam_unix.so
session    required   pam_unix.so

# Set's up user limits, please uncomment and read /etc/security/limits.conf
# to enable this functionality.
# (Replaces the use of /etc/limits in old login)
session    required   pam_limits.so

# Prints the last login info upon succesful login
# (Replaces the `LASTLOG_ENAB' option from login.defs)
session    optional   pam_lastlog.so

# Prints the motd upon succesful login
# (Replaces the `MOTD_FILE' option in login.defs)
session    optional   pam_motd.so

# Prints the status of the user's mailbox upon succesful login
# (Replaces the `MAIL_CHECK_ENAB' option from login.defs)
session    optional   pam_mail.so standard

# Alternate strength checking for password. Note that this
# requires the libpam-cracklib package to be installed.
# (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH',
#
password required       pam_cracklib.so retry=3 minlen=10 difok=3
password required       pam_unix.so use_authtok nullok md5
