2 auth requisite pam_nologin.so
3 auth required pam_env.so readenv=1
4 auth required pam_env.so readenv=1 envfile=/etc/default/locale
5 #auth sufficient pam_thinkfinger.so
7 auth optional pam_gnome_keyring.so
8 @include common-account
9 # SELinux needs to be the first session rule. This ensures that any
10 # lingering context has been cleared. Without out this it is possible
11 # that a module could execute code in the wrong domain.
12 # When the module is present, "required" would be sufficient (When SELinux
13 # is disabled, this returns success.)
14 session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
15 session required pam_limits.so
16 session required pam_loginuid.so
17 @include common-session
18 # SELinux needs to intervene at login time to ensure that the process
19 # starts in the proper default security context. Only sessions which are
20 # intended to run in the user's context should be run after this.
21 session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
22 # When the module is present, "required" would be sufficient (When SELinux
23 # is disabled, this returns success.)
24 session optional pam_gnome_keyring.so auto_start
25 @include common-password