#%PAM-1.0
auth required pam_env.so

# MUST COMMENT OUT OR IT WILL ASK FOR A PASSWORD:
# auth requisite pam_unix.so nullok try_first_pass

# Do a Duo authentication and, if successful, allow the sudo.
# Otherwise, fail.

auth sufficient pam_duo.so conf=/etc/security/pam_duo_su.conf
auth required   pam_deny.so

account    include      common-auth
password   include      common-auth
session    optional     pam_keyinit.so revoke
session    required     pam_limits.so