mstyne/gist:39457754d34f98f3d19f3323bf9a4a77

## gistfile1.txt
#%PAM-1.0
auth	     required	    pam_sepermit.so
#auth      substack     password-auth
auth       sufficient   /lib64/security/pam_duo.so
auth       required     pam_deny.so
auth       include      postlogin
# Used with polkit to reauthorize users in remote sessions
-auth      optional     pam_reauthorize.so prepare
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    include      password-auth
session    include      postlogin
# Used with polkit to reauthorize users in remote sessions
-session   optional     pam_reauthorize.so prepare
	#%PAM-1.0
	auth required pam_sepermit.so
	#auth substack password-auth
	auth sufficient /lib64/security/pam_duo.so
	auth required pam_deny.so
	auth include postlogin
	# Used with polkit to reauthorize users in remote sessions
	-auth optional pam_reauthorize.so prepare
	account required pam_nologin.so
	account include password-auth
	password include password-auth
	# pam_selinux.so close should be the first session rule
	session required pam_selinux.so close
	session required pam_loginuid.so
	# pam_selinux.so open should only be followed by sessions to be executed in the user context
	session required pam_selinux.so open env_params
	session required pam_namespace.so
	session optional pam_keyinit.so force revoke
	session include password-auth
	session include postlogin
	# Used with polkit to reauthorize users in remote sessions
	-session optional pam_reauthorize.so prepare