- actually use a configuration file that's not login's as a template

gssftp.pamd

@@ -1,14 +1,9 @@
 #%PAM-1.0
-auth       required     pam_securetty.so
+auth    required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
-auth       include      system-auth
+auth    required pam_shells.so
-account    required     pam_nologin.so
+auth    include  system-auth
-account    include      system-auth
+account required pam_nologin.so
-password   include      system-auth
+account include  system-auth
-# pam_selinux.so close should be the first session rule
+session optional pam_keyinit.so force revoke
-session    required     pam_selinux.so close
+session include  system-auth
-session    optional     pam_keyinit.so force revoke
+session required pam_loginuid.so
-session    include      system-auth
-session    required     pam_loginuid.so
-session    optional     pam_console.so
-# pam_selinux.so open should only be followed by sessions to be executed in the user context
-session    required     pam_selinux.so open