#%PAM-1.0
auth	sufficient pam_ldap.so
auth     required	pam_tcb.so shadow fork prefix=$2a$ count=8 nullok
account	sufficient pam_ldap.so
account  required	pam_tcb.so shadow fork use_first_pass
#account  required	pam_mktemp.so
password required	pam_passwdqc.so min=disabled,24,12,8,7 max=40 passphrase=3 match=4 similar=deny random=42 enforce=users retry=3
password sufficient pam_ldap.so use_authtok
password required	pam_tcb.so use_authtok shadow fork prefix=$2a$ count=8 nullok write_to=tcb use_first_pass
session optional pam_ldap.so
session  required	pam_tcb.so
session  required	pam_mkhomedir.so skel=/etc/skel/ umask=0077
session  required	pam_limits.so