diff --git a/files/2fa/sudo.pam b/files/2fa/sudo.pam
index aa59ebf7a7..ae846a7665 100644
--- a/files/2fa/sudo.pam
+++ b/files/2fa/sudo.pam
@@ -4,7 +4,10 @@ auth       sufficient   pam_url.so config=/etc/pam_url.conf
 auth       requisite    pam_succeed_if.so uid >= 500 quiet
 auth       required     pam_deny.so
 
+{% if env == "production" %}
 auth       include      system-auth
+{% endif %}
+
 account    include      system-auth
 password   include      system-auth
 session    optional     pam_keyinit.so revoke