2 auth required pam_sepermit.so
3 auth include password-auth
4 account required pam_nologin.so
5 account include password-auth
6 password include password-auth
7 # pam_selinux.so close should be the first session rule
8 session required pam_selinux.so close
9 session required pam_loginuid.so
10 # pam_selinux.so open should only be followed by sessions to be executed in the user context
11 session required pam_selinux.so open env_params
12 session optional pam_keyinit.so force revoke
13 session include password-auth