#%PAM-1.0
#    Copyright (c) 2011-2015 Ericsson AB.
#    All rights reserved.

# to have setcred logic work for ipos admins, we need to have pam_rcm
# before pam_unix. Behaviour of pam_unix is to return success for
# setcred always. noauth option will make sure that it only does setcred.
# auth        required     pam_rcm.so  debug noauth
auth        sufficient    pam_unix.so try_first_pass nullok
# disable setcred as it already done before for pam_rcm
#auth        sufficient    pam_rcm.so debug nosetcred
auth        sufficient    pam_rcm.so debug
auth        required      pam_deny.so

account     sufficient    pam_unix.so debug
account     required      pam_rcm.so debug

# pam_cracklib.so is not in the SSR rootfs: uncomment when it is..
# password    required      pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so try_first_pass use_authtok nullok md5 shadow
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     sufficient    pam_unix.so debug
session     required      pam_rcm.so debug
