auth	required	pam_env.so
auth	sufficient	pam_unix.so try_first_pass nullok
auth	required	pam_deny.so
auth    required    pam_tally2.so file=/var/log/tallylog deny=3 even_deny_root unlock_time=1200

account	required	pam_unix.so

password	requisite	pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password	sufficient	pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password	required	pam_deny.so

session		optional	pam_keyinit.so
session		required	pam_limits.so
-session	[success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session		required	pam_unix.so