CityCat4

auth       required     pam_env.so
auth       [success=3 new_authtok_reqd=done default=ignore] pam_unix.so try_first_pass
auth       requisite    pam_succeed_if.so uid >= 1000 quiet
auth       [success=1 new_authtok_reqd=done default=ignore] pam_winbind.so use_first_pass use_authtok krb5_auth krb5_ccache_type=FILE:/tmp/krb5cc_%u cached_login
auth       requisite    pam_deny.so
auth       required     pam_permit.so
auth       optional     pam_keystore.so use_first_pass
auth       optional     pam_ecryptfs.so unwrap
auth       optional     pam_gnome_keyring.so
auth       optional     pam_exec.so seteuid expose_authtok /usr/local/sbin/generate-credstore-auth

account    required     pam_unix.so
account    sufficient   pam_localuser.so
account    sufficient   pam_succeed_if.so uid < 1000 quiet
account    [default=bad success=ok user_unknown=ignore] pam_winbind.so
account    required     pam_permit.so

password   required     pam_pwquality.so try_first_pass retry=3 type=
password   sufficient   pam_unix.so nullok sha512 shadow try_first_pass use_authtok
password   optional     pam_ecryptfs.so
password   required     pam_deny.so
password   optional     pam_gnome_keyring.so

session    required     pam_env.so
session    required     pam_limits.so
-session   optional     pam_loginuid.so
session    optional     pam_mkhomedir.so umask=0077
-session   optional     pam_elogind.so
session    optional     pam_exec.so seteuid /usr/local/sbin/generate-credstore-session -p .trinity/share/config -d DOMAIN
session    [success=2 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session    [success=1 new_authtok_reqd=ok ignore=ignore default=bad] pam_unix.so
session    required     pam_winbind.so
session    optional     pam_ecryptfs.so unwrap
session    optional     pam_gnome_keyring.so auto_start