> Under CentOS5, I used this configuration to restrict access to root only:
>
> # cat /etc/security/access.conf
> + : root : ALL
> - : ALL : ALL
> # cat /etc/pam.d/system-auth-ac
> ...
> account required pam_access.so
> account required pam_unix.so
> account sufficient pam_localuser.so
> account sufficient pam_succeed_if.so uid < 500 quiet
> account required pam_permit.so
> ...
> #
Figured it out by reverse-engineering the changes made by
system-config-authentication.

In addition to system-auth-ac, as a minimum, password-auth-ac needs the
same update. To make it complete, fingerprint-auth-ac and smartcard-auth-ac
need the additional line, too (not that they matter on the server hw here).

The state of PAM access is also recorded in /etc/sysconfig/authconfig
(USEPAMACCESS=yes/no), but this seems to serve as a reminder for
system-config-authentication more than actual system services configuration.
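
An added example, not part of the original message: a shell audit that reports which of the four PAM stacks named above lack an active account-phase pam_access.so line, next to the USEPAMACCESS value, since that flag does not itself enforce anything. The function names and the fixture built by make_sample are constructed for illustration; the stack file names and USEPAMACCESS come from the message.

```shell
#!/bin/sh
# Added example: audit PAM stacks for an active pam_access.so account line.
PAM_FILES="system-auth-ac password-auth-ac fingerprint-auth-ac smartcard-auth-ac"

# True if FILE ($1) has an uncommented account-phase line loading pam_access.so.
# Any control field (required, [default=bad ...]) counts; "#account ..." does not.
has_pam_access() {
    grep -Eq '^[[:space:]]*-?account[[:space:]]+[^#]*pam_access\.so' "$1"
}

# Print each stack under PAM_DIR ($1) that lacks the line, one per line.
missing_pam_access() {
    for f in $PAM_FILES; do
        [ -f "$1/$f" ] || continue      # stack not installed on this host
        has_pam_access "$1/$f" || echo "$f"
    done
}

# Print the last USEPAMACCESS value recorded in the authconfig file ($1).
flag_state() {
    sed -n 's/^USEPAMACCESS=//p' "$1" | tail -n 1
}

# One-line verdict: what the stacks enforce versus what the flag claims.
audit() {
    missing=$(missing_pam_access "$1")
    flag=$(flag_state "$2")
    if [ -z "$missing" ]; then
        echo "enforced flag=$flag"
    else
        echo "gaps flag=$flag: $(echo $missing | tr ' ' ',')"
    fi
}

# Constructed fixture: only system-auth-ac was updated, one stack has the
# line commented out, smartcard-auth-ac is absent, the flag still says yes.
make_sample() {
    mkdir -p "$1/pam.d" "$1/sysconfig"
    printf 'account required pam_access.so\naccount required pam_unix.so\n' > "$1/pam.d/system-auth-ac"
    printf 'account required pam_unix.so\n' > "$1/pam.d/password-auth-ac"
    printf '#account required pam_access.so\n' > "$1/pam.d/fingerprint-auth-ac"
    printf 'USEPAMACCESS=yes\n' > "$1/sysconfig/authconfig"
}

tmp=$(mktemp -d) && make_sample "$tmp" && audit "$tmp/pam.d" "$tmp/sysconfig/authconfig"
rm -rf "$tmp"
```

On a real host the equivalent call is `audit /etc/pam.d /etc/sysconfig/authconfig`.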