In a Debian-like system, the easiest way is to use pam-auth-update to manage PAM.
To silence specific services, make a file like the following:
/usr/share/pam-configs/shutup
# Don't log "session opened" and "session closed" messages for...
# Cron, Samba
# See: https://wiki.ubuntu.com/PAMConfigFrameworkSpec
# https://manpages.debian.org/stretch/libpam-modules/pam_succeed_if.8.en.html
Name: disable annoying services session logging
Default: yes
Priority: 300
Session-Type: Additional
Session:
[default=ignore success=1] pam_succeed_if.so quiet service in samba:cron
This silences samba and cron. quiet means that this rule always succeeds or fails silently. success=1 skips the next rule (i.e. pam_unix), silencing a session open/close. You can also specify users only by replacing service in samba:cron with something like ruser in michael:otheruser.
After doing this, run pam-auth-update as root, selecting the configuration you just made. You can programmatically update configs by passing –package, preventing options from needing to be chosen by the user.