Hi all, I got a question about security in linux that I'm having trouble googling for. I'm trying to secure a desktop so that users can still log in, but admins have a two factor authentication with the pam_usb module. Is there a way in pam to say "if you are not in group 'x' or root, your password is good enough, otherwise you need your usb key as well"? I've got pam_usb set up for login and su, the su works great, but I don't want to require a key for everyone for login. Thanks all Chris Frederick