diff --git a/openssh.changes b/openssh.changes
index 9e10c91..81250b0 100644
--- a/openssh.changes
+++ b/openssh.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Mar 27 08:39:38 UTC 2023 - Thorsten Kukuk
+
+- Rename sshd.pamd to sshd-sle.pamd and fix order of pam_keyinit
+- Add new sshd.pamd including postlogin-* config files
+
 -------------------------------------------------------------------
 Wed Feb 15 10:35:43 UTC 2023 - Thorsten Kukuk
 
diff --git a/openssh.spec b/openssh.spec
index f7925f1..b3434c7 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -51,6 +51,7 @@ Source11: README.FIPS
 Source12: cavs_driver-ssh.pl
 Source13: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc#/openssh.keyring
 Source14: sysusers-sshd.conf
+Source15: sshd-sle.pamd
 Patch1: openssh-7.7p1-X11_trusted_forwarding.patch
 Patch3: openssh-7.7p1-enable_PAM_by_default.patch
 Patch4: openssh-7.7p1-eal3.patch
@@ -308,8 +309,9 @@ export LDFLAGS CFLAGS CXXFLAGS CPPFLAGS
 install -d -m 755 %{buildroot}%{_pam_vendordir}
 install -m 644 %{SOURCE2} %{buildroot}%{_pam_vendordir}/sshd
 %else
+# SLE has no distconfdir, so use sle PAM config
 install -d -m 755 %{buildroot}%{_sysconfdir}/pam.d
-install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/sshd
+install -m 644 %{SOURCE15} %{buildroot}%{_sysconfdir}/pam.d/sshd
 %endif
 install -d -m 755 %{buildroot}%{_localstatedir}/lib/sshd
 install -d -m 755 %{buildroot}%{_sysconfdir}/ssh/ssh_config.d
diff --git a/sshd-sle.pamd b/sshd-sle.pamd
new file mode 100644
index 0000000..efe67cb
--- /dev/null
+++ b/sshd-sle.pamd
@@ -0,0 +1,11 @@
+#%PAM-1.0
+auth requisite pam_nologin.so
+auth include common-auth
+account requisite pam_nologin.so
+account include common-account
+password include common-password
+session required pam_loginuid.so
+session optional pam_keyinit.so force revoke
+session include common-session
+session optional pam_motd.so
+
diff --git a/sshd.pamd b/sshd.pamd
index cf9867c..323cf44 100644
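Review bot: The new sshd-sle.pamd has no comment explaining why `session optional pam_keyinit.so force revoke` sits between `pam_loginuid.so` and the `common-session` include, although the changelog names that ordering as the fix. Without it, a later edit could move the line back below the include without anyone noticing the regression. I would add a line above it such as `# pam_keyinit must precede common-session so the included modules run with the new session keyring`. That rationale is inferred from the changelog entry, so please confirm it before committing the wording.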
--- a/sshd.pamd
+++ b/sshd.pamd
@@ -1,11 +1,14 @@
 #%PAM-1.0
 auth requisite pam_nologin.so
-auth include common-auth
+auth substack common-auth
+auth include postlogin-auth
 account requisite pam_nologin.so
-account include common-account
-password include common-password
+account substack common-account
+account include postlogin-account
+password substack common-password
+password include postlogin-password
 session required pam_loginuid.so
-session include common-session
 session optional pam_keyinit.so force revoke
+session substack common-session
+session include postlogin-session
 session optional pam_motd.so
-
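Review bot: The four new `include postlogin-*` lines make sshd's PAM stack depend on files this package does not ship. If `postlogin-auth` or its account, password or session counterparts are missing on the target, the include will normally fail when the stack is loaded, and on a remotely managed host that means no SSH login at all. The openssh.spec hunks in this diff add no versioned dependency on the package that provides those files; one may exist outside the diff, but if not it should be added alongside this change. Separately, the switch from `include` to `substack` changes how done/die results from the common-* files propagate, so a short comment would help, for example `# substack: a done/die inside common-* ends only the substack, so postlogin-* is still evaluated`.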