configpolicy/roles/sudo/templates/sudo.pam.conf

#%PAM-1.0
{% if sudo_use_pam_ssh_agent %}
-auth      sufficient   pam_ssh_agent_auth.so file=/etc/security/sudo.authorized_keys
{% endif %}
auth       include      system-auth
account    include      system-auth
password   include      system-auth
session    optional     pam_keyinit.so revoke
session    required     pam_limits.so
session    include      system-auth