# PAM configuration
#
# This file is configured to try pam_unix first, then pam_krb5
#
# Authentication management
#
other	auth sufficient	/usr/lib/security/$ISA/pam_unix.so.1
other	auth required	/usr/lib/security/$ISA/pam_krb5.so.1 use_first_pass
#
# Account management
#
# pam_krb5 has a no-op account module, so we don't bother listing it here
#
other	account requisite	/usr/lib/security/$ISA/pam_roles.so.1 
other	account	required	/usr/lib/security/$ISA/pam_projects.so.1
other	account required	/usr/lib/security/$ISA/pam_unix.so.1 
#
# Session management
#
# pam_krb5 destroys any credential cache on session close, so it's good
# to have it here.  However, we also need pam_unix to be called, so don't
# make pam_krb5 "sufficient".
#
other	session optional	/usr/lib/security/$ISA/pam_krb5.so.1
other	session required	/usr/lib/security/$ISA/pam_unix.so.1 
#
# Password management
#
# You may have to fiddle with this if you have other account databases.
# If you have some centralized user management tool that users use to
# change their password then you may just want to remove the pam_krb5
# here.
#
other	password sufficient	/usr/lib/security/$ISA/pam_unix.so.1
other	password required	/usr/lib/security/$ISA/pam_krb5.so.1 use_first_pass
#