I have a question about pam_access.so and need some suggestions. My problem is if root password is expired, root’s cron job(s) can not be run. I found two desing options;
1 - root password is configured for non-expire
2- /etc/pam.d/crond includes "account sufficient pam_access.so" instead of "account required pam_access.so"
 is OK but i want to select second with some restriction(s). "sufficient" flag does not prevent unauthorized attempt so i don't want use second exactly.
how to define "account required pam_access.so with disable_aging=ok"