# /etc/pam.d/common-account - authorization settings common to all services
#
# ::do_not_edit::
# ::maintainer::
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authorization modules that define
# the central access policy for use on the system.  The default is to
# only deny service to users whose accounts are expired in /etc/shadow.
#
#ubuntu version
#account	[success=1 default=ignore]	pam_unix.so
#account	required			pam_ldap.so
#account	required			pam_permit.so

#devuan version
#account		required	pam_unix.so
#account		sufficient	pam_succeed_if.so uid < 1000 quiet
#account		[default=bad success=ok user_unknown=ignore] pam_ldap.so
#account		required	pam_permit.so

account	[success=2 default=ignore]	pam_unix.so
account	sufficient			pam_succeed_if.so uid < 1000 quiet
account	required			pam_ldap.so
account	required			pam_permit.so
