#%PAM-1.0
# Authentication modules

# If their user exists (success),
auth	[success=ignore ignore=ignore default=1]	pam_succeed_if.so uid >= 0
# print the "You don't have tickets" error:
auth	[success=die ignore=reset default=die]	pam_echo.so file=/etc/issue.net.no_tkt
# else print the "your account doesn't exist" error:
auth	[success=die ignore=reset default=die]	pam_echo.so file=/etc/issue.net.no_user

# Set environment variables:
auth       required     pam_env.so
# Use Unix authentication and succeed immediately (sufficient):
auth       sufficient   pam_unix.so try_first_pass
# If they somehow slipped through, deny:
auth	   required	pam_deny.so

account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
session    optional     pam_keyinit.so force revoke
session    include      system-auth
session    required     pam_loginuid.so
