#!/bin/bash
main () {
	setup_var
	setup_ucr krb5
	gen_common

	check account '[success=done new_authtok_reqd=done acct_expired=bad default=ignore]' pam_unix.so
	check account 'required' pam_krb5.so

	check auth 'requisite' pam_nologin.so
	check auth 'sufficient' pam_unix.so
	check auth '[success=done new_authtok_reqd=ok user_unknown=die service_err=die authinfo_unavail=die default=die]' pam_krb5.so 'use_first_pass'
	check auth 'required' pam_env.so

	check session 'required' pam_unix.so
	check session 'optional' pam_krb5.so
	check session 'required' pam_limits.so

	check password 'requisite' pam_pwquality.so
	check password '[success=2 default=ignore]' pam_unix.so 'obscure sha512 try_first_pass use_authtok'
	check password '[success=1 default=ignore]' pam_krb5.so 'try_first_pass use_authtok'
	check password 'requisite' pam_deny.so
	check password 'required' pam_permit.so
}
. "${0%/*}/common.sh" || exit 1
