diff --git a/debian/vyos-1x.preinst b/debian/vyos-1x.preinst
index 87e09e87cd..e97d33aa5c 100644
--- a/debian/vyos-1x.preinst
+++ b/debian/vyos-1x.preinst
@@ -23,3 +23,6 @@ dpkg-divert --package vyos-1x --divert /config/freeipa/etc/sssd/pki/sssd_auth_ca
 dpkg-divert --package vyos-1x --divert /config/freeipa/etc/sssd/sssd.conf --add --rename /etc/sssd/sssd.conf
 dpkg-divert --package vyos-1x --divert /config/freeipa/etc/telegraf/telegraf.conf --add --rename /etc/telegraf/telegraf.conf
 dpkg-divert --package vyos-1x --divert /config/freeipa/root/.k5login --add --rename /root/.k5login
+dpkg-divert --package vyos-1x --add --rename /usr/share/pam-configs/ldap
+dpkg-divert --package vyos-1x --add --rename /usr/share/pam-configs/sss
+dpkg-divert --package vyos-1x --add --rename /usr/share/pam-configs/unix
diff --git a/src/pam-configs/ldap b/src/pam-configs/ldap
new file mode 100644
index 0000000000..9dcd5a8cc3
--- /dev/null
+++ b/src/pam-configs/ldap
@@ -0,0 +1,20 @@
+Name: LDAP Authentication
+Default: no
+Priority: 128
+Auth-Type: Primary
+Auth-Initial:
+ [success=end default=ignore] pam_ldap.so minimum_uid=1000
+Auth:
+ [success=end default=ignore] pam_ldap.so minimum_uid=1000 use_first_pass
+Account-Type: Additional
+Account:
+ [success=ok new_authtok_reqd=done ignore=ignore user_unknown=ignore authinfo_unavail=ignore default=bad] pam_ldap.so minimum_uid=1000
+Password-Type: Primary
+Password-Initial:
+ [success=end default=ignore] pam_ldap.so minimum_uid=1000
+Password:
+ [success=end default=ignore] pam_ldap.so minimum_uid=1000 try_first_pass
+Session-Type: Additional
+Session:
+ [success=ok default=ignore] pam_ldap.so minimum_uid=1000
+
diff --git a/src/pam-configs/sss b/src/pam-configs/sss
new file mode 100644
index 0000000000..f66f875b86
--- /dev/null
+++ b/src/pam-configs/sss
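Review bot: The three added dpkg-divert calls carry no `--divert` target, so the upstream profiles are only renamed in place to `/usr/share/pam-configs/ldap.distrib` (likewise `sss.distrib` and `unix.distrib`); pam-auth-update appears to parse every regular file in that directory, in which case the diverted copies would still be loaded as profiles next to the package's own, which should be verified before this lands. The context lines above consistently divert into /config/freeipa, so a target outside the scanned directory — for instance (constructed path) `dpkg-divert --package vyos-1x --divert /config/freeipa/usr/share/pam-configs/ldap --add --rename /usr/share/pam-configs/ldap` — would keep the directory clean and match the file's existing convention. The rest of the preinst, and whatever removes these diversions on purge, lies outside the hunk, so the matching `dpkg-divert --remove` entries for the three new paths should be confirmed separately.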
@@ -0,0 +1,23 @@
+Name: SSS authentication
+Default: yes
+Priority: 128
+
+Auth-Type: Primary
+Auth:
+ [success=end default=ignore] pam_sss.so forward_pass
+Auth-Initial:
+ [success=end default=ignore] pam_sss.so forward_pass
+Account-Type: Additional
+Account:
+ sufficient pam_localuser.so
+ [default=bad success=ok user_unknown=ignore] pam_sss.so
+Session-Type: Additional
+Session-Interactive-Only: yes
+Session:
+ optional pam_sss.so
+Password-Type: Primary
+Password:
+ sufficient pam_sss.so use_authtok
+Password-Initial:
+ sufficient pam_sss.so
+
diff --git a/src/pam-configs/unix b/src/pam-configs/unix
new file mode 100644
index 0000000000..69bfea87ad
--- /dev/null
+++ b/src/pam-configs/unix
@@ -0,0 +1,30 @@
+Name: Unix authentication
+Default: yes
+Priority: 256
+Auth-Type: Primary
+Auth:
+ [success=ok default=1] pam_localuser.so
+ [success=end default=ignore] pam_unix.so nullok try_first_pass
+Auth-Initial:
+ [success=ok default=1] pam_localuser.so
+ [success=end default=ignore] pam_unix.so nullok
+Account-Type: Primary
+Account:
+ [success=ok default=1] pam_localuser.so
+ [success=end new_authtok_reqd=done default=ignore] pam_unix.so
+Account-Initial:
+ [success=ok default=1] pam_localuser.so
+ [success=end new_authtok_reqd=done default=ignore] pam_unix.so
+Session-Type: Additional
+Session:
+ required pam_unix.so
+Session-Initial:
+ required pam_unix.so
+Password-Type: Primary
+Password:
+ [success=ok default=1] pam_localuser.so
+ [success=end default=ignore] pam_unix.so obscure use_authtok try_first_pass yescrypt
+Password-Initial:
+ [success=ok default=1] pam_localuser.so
+ [success=end default=ignore] pam_unix.so obscure yescrypt
+
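Review bot: In the `Auth:` block the pam_sss.so line carries `forward_pass`, the same option as in `Auth-Initial:`, whereas the ldap profile in this commit uses `use_first_pass` for its non-initial slot (and, as far as I recall, so does Debian's stock sss profile). At that position a higher-priority module has already collected the password, and without `use_first_pass` pam_sss may prompt the user a second time rather than consume the stacked token; suggested line: `[success=end default=ignore] pam_sss.so use_first_pass`. If repeating `forward_pass` is deliberate, it deserves a sentence in the commit message, since the profile format does not appear to support comments.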
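Review bot: `nullok` on both pam_unix.so auth lines in the unix profile allows any local account whose shadow entry has an empty password to authenticate without one; because the stack is gated by `[success=ok default=1] pam_localuser.so`, this applies precisely to the locally managed accounts, so unless some account legitimately needs an empty password the flag is an avoidable weakening. Suggested lines: `[success=end default=ignore] pam_unix.so try_first_pass` for `Auth:` and `[success=end default=ignore] pam_unix.so` for `Auth-Initial:`. If empty passwords are required somewhere, that dependency should be recorded in the commit message, as the profile format does not appear to support comments.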