#%PAM-1.0
# -------------------------------------------------------------
auth            required        pam_nologin.so
auth            required        pam_env.so envfile=/etc/default/locale

@include common-auth
# -------------------------------------------------------------
@include common-account
# -------------------------------------------------------------
# SELinux needs to be the first session rule. This ensures that any
# lingering context has been cleared. Without out this it is possible
# that a module could execute code in the wrong domain.
# pam_selinux is unavailable for !linux, use [...] instead of required.
session	 [success=ok ignore=ignore module_unknown=ignore default=bad]   pam_selinux.so close

session	 required        pam_limits.so
session	 required        pam_loginuid.so

@include common-session

# SELinux needs to intervene at login time to ensure that the process
# starts in the proper default security context. Only sessions which are
# intended to run in the user's context should be run after this.
# pam_selinux is unavailable for !linux, use [...] instead of required.
session	 [success=ok ignore=ignore module_unknown=ignore default=bad]   pam_selinux.so open
