Is there a reason why you dont just modify the system-auth file in pam.d? It is branched to by nearly all other pam.d config in redhat7.X. Unless you want to limit which services get AFS auth, i see no reason to modify so many files. Or am i missing something? -Matt