Untitled

%PAM-1.0

# Load environment settings
auth       required   pam_env.so

# Allow FreeIPA to handle user authentication
auth       sufficient pam_sss.so

# Fall back to local authentication if FreeIPA fails
auth       requisite  pam_unix.so nullok_secure try_first_pass

# Standard account checks
account    [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
account    required   pam_permit.so
account    sufficient pam_sss.so

# Password management
password   requisite  pam_pwquality.so retry=3
password   sufficient pam_unix.so sha512 shadow try_first_pass use_authtok
password   sufficient pam_sss.so use_authtok
password   required   pam_deny.so

# Session management
session    required   pam_limits.so
session    required   pam_unix.so
session    optional   pam_sss.so
session    optional   pam_mkhomedir.so skel=/etc/skel umask=0077

# PAM Mkhomedir for creating home directories if they do not exist
session    optional   pam_mkhomedir.so umask=0022 skel=/etc/skel