########################### /etc/pam.d/ssh ############################
# http://homex.subnet.at/~max/ldap/

auth       required     pam_env.so # [1]
# Woody's SSHD checks for /etc/nologin automatically,
# so there's no need for pam_nologin in /etc/pam.d/ssh.
#auth       required     pam_nologin.so
#auth       sufficient   pam_ldap.so
auth       sufficient   pam_ldap.so filter=|(host=hostname.yourdomain.net)(host=\*)
auth       required     pam_unix.so
 
account    sufficient   pam_ldap.so
account    required     pam_unix.so
 
session    sufficient   pam_ldap.so
session    required     pam_unix.so
session    optional     pam_lastlog.so # [1]
session    optional     pam_motd.so # [1]
session    optional     pam_mail.so standard noenv # [1]
session    required     pam_limits.so

password   sufficient   pam_ldap.so
password   required     pam_unix.so
#######################################################################