How to configure user in PAM  to not be able to view  the target account's passwords?