# Configuration file for Pluggable Authentication Modules (PAM).
#
# This file controls the authentication methods that login and other
# utilities use.  See pam(8) for a description of its format.
#
# Note: the final entry must say "required" -- otherwise, things don't
# work quite right.  If you delete the final entry, be sure to change
# "sufficient" to "required" in the entry before it.
#
# $FreeBSD$

# If the user can authenticate with S/Key, that's sufficient.
login	auth	sufficient	pam_skey.so

# Check skey.access to make sure it is OK to let the user type in
# a cleartext password.  If not, then fail right here.
login	auth	requisite	pam_cleartext_pass_ok.so

# If you want KerberosIV authentication, uncomment the next line:
#login	auth	sufficient	pam_kerberosIV.so		try_first_pass

# Traditional getpwnam() authentication.
login	auth	required	pam_unix.so			try_first_pass