#%PAM-1.0
auth        required      pam_env.so
auth        sufficient    pam_unix.so try_first_pass likeauth nullok
auth        required      pam_deny.so

account     required      pam_unix.so

# Make sure you use use_authtok below if and only if you
# want to stack a password checking tool like pam_pwquality
password    sufficient    pam_unix.so try_first_pass nullok sha512 shadow
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     optional      pam_env.so
session     optional      pam_umask.so
session     optional      pam_systemd.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so