auth        required      pam_env.so
{
    my $status = $pam_faillock{status} || 'disabled';
    return unless $status eq 'enabled';
    # lock out users after three unsuccessful attempts and unlock the user account after 10 minutes (600 seconds)
    $OUT .= "auth        required      pam_faillock.so preauth silent audit deny=3 even_deny_root unlock_time=600 root_unlock_time=600";
}
{
    my $status = $pam_abl{status} || 'disabled';
    return unless $status eq 'enabled';
    $OUT .= "auth        required      pam_abl.so config=/etc/security/pam_abl.conf";
}
auth        sufficient    pam_unix.so likeauth nullok
{
    my $status = $ldap{Authentication} || 'disabled';
    return unless $status eq 'enabled';
    $OUT .= "auth        sufficient    pam_ldap.so use_first_pass";
}
{
    my $status = $pam_faillock{status} || 'disabled';
    return unless $status eq 'enabled';
    $OUT .= "auth        [default=die]      pam_faillock.so authfail audit deny=3 unlock_time=600";
}
auth        required      pam_deny.so

