#%PAM-1.0
auth		[user_unknown=ignore success=ok ignore=ignore default=bad]	pam_securetty.so
auth		include		system-auth
account		required	pam_nologin.so
account		include		system-auth
password	include		system-auth
# pam_selinux.so close should be the first session rule
session		required	pam_selinux.so close
session		required	pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session		required	pam_selinux.so open
session		required	pam_namespace.so
session		optional	pam_keyinit.so force revoke
session		include		system-auth
-session	optional	pam_ck_connector.so
