{
    my $hist = $passwordhistory || '0';
    return unless $hist ne '0';
    $OUT .= "password    requisite     pam_pwhistory.so remember=$hist enforce_for_root authtok_type=UNIX debug\n";
    $OUT .= "password    sufficient    pam_unix.so nullok md5 shadow try_first_pass use_authtok audit";
}
{
    my $hist = $passwordhistory || '0';
    return unless $hist eq '0';
    $OUT .= "password    sufficient    pam_unix.so nullok md5 shadow";
}
{
    my $status = $ldap{Authentication} || 'disabled';
    return unless $status eq 'enabled';
    $OUT .= "password    sufficient    pam_ldap.so use_authtok";
}
password    required      pam_deny.so

