+#%PAM-1.0
+#auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
+auth substack system-auth
+auth include postlogin
+account required pam_nologin.so
+account include system-auth
+password include system-auth
+# pam_selinux.so close should be the first session rule
+session required pam_selinux.so close
+session required pam_loginuid.so
+session optional pam_console.so
+# pam_selinux.so open should only be followed by sessions to be executed in the user context
+session required pam_selinux.so open
+session required pam_namespace.so
+session optional pam_keyinit.so force revoke
+session include system-auth
+session include postlogin
+#-session optional pam_ck_connector.so