RedHat's Augeas is available in Debian from Lenny and in Ubuntu at least from Intrepid. It offers a convenient way to convert human-readable UNIX configuration files to tree structures, search and edit in such trees using XPath-like syntax, and then save them back to their human-readable form. The docs on how to add noted to the tree are in their Wiki.

# (ToDo/FixMe: displace comments along with lines they pertain to)
cat <<EOF | augtool -b

# Remove the existing pam_group include in /etc/pam.d/login, as it doesn't work in the position behind the pam_lwp inclusions
rm "/files/etc/pam.d/login/*[type = 'auth'][control = 'optional'][module = 'pam_group.so']"

# Insert the same include before the lwp-auth include, as it does work there
ins 01 before "/files/etc/pam.d/login/include[. = 'lwp-auth']"
set /files/etc/pam.d/login/01/type auth
set /files/etc/pam.d/login/01/control optional
set /files/etc/pam.d/login/01/module pam_group.so

save

EOF
    

That script edited /etc/pam.d/login, which contained:

# Standard Un*x authentication.
@include lwp-auth

# This allows certain extra groups to be granted to a user
# based on things like time of day, tty, service, and user.
# Please edit /etc/security/group.conf to fit your needs
# (Replaces the `CONSOLE_GROUPS' option in login.defs)
auth    optional        pam_group.so        
    

... and now contains:

# Standard Un*x authentication.
auth    optional        pam_group.so
@include lwp-auth

# This allows certain extra groups to be granted to a user
# based on things like time of day, tty, service, and user.
# Please edit /etc/security/group.conf to fit your needs
# (Replaces the `CONSOLE_GROUPS' option in login.defs)