pam_eaccess is a PAM module which add a generic way to do authorization. Indeed, for each service (for which you want add authorization) you can define the list of users (or all) who are allowed to connect to this service.

• file backend
• per service definition

# svn co http://svn.asyd.net/svn/pam_eaccess/tags/20051106 pam_eaccess
# autoconf
# ./configure
# make
# make install

Check if you have /lib/security/pam_eaccess.o

Well, it's actually very simple, you just need to add the following line to pam config :

auth       required     pam_eaccess.so 

Note: the keyword debug is supported.