2 #auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
3 auth substack system-auth
5 account required pam_nologin.so
6 account include system-auth
7 password include system-auth
8 # pam_selinux.so close should be the first session rule
9 session required pam_selinux.so close
10 session required pam_loginuid.so
11 session optional pam_console.so
12 # pam_selinux.so open should only be followed by sessions to be executed in the user context
13 session required pam_selinux.so open
14 session required pam_namespace.so
15 session optional pam_keyinit.so force revoke
16 session include system-auth
17 session include postlogin
18 #-session optional pam_ck_connector.so