#%PAM-1.0
# Block login if shell in nologin or false
auth		required	pam_succeed_if.so shell notin /sbin/nologin:/usr/sbin/nologin:/bin/false:/usr/bin/false

# Block login if they are globally disabled
auth		required	pam_nologin.so

# Allow access without authentication
auth		required	pam_permit.so

account		include		common-login

# Can't change password
password	required	pam_deny.so

session		substack	common-login
-session	optional	pam_console.so
-session	optional	pam_ck_connector.so
session		required	pam_namespace.so
