diff --git a/pam.changes b/pam.changes
index 7dd6086..536aae7 100644
--- a/pam.changes
+++ b/pam.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Fri Jan 19 11:11:47 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
+
+- Move pam_namespace to pam-extra due to systemd dependencies
+
 -------------------------------------------------------------------
 Fri Jan 19 09:11:30 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
 
diff --git a/pam.spec b/pam.spec
index a0249b5..23bbc86 100644
--- a/pam.spec
+++ b/pam.spec
@@ -151,11 +151,12 @@ username/password pair against values stored in a Berkeley DB database.
 %package -n pam-extra
 Summary:        PAM module with extended dependencies
 Group:          System/Libraries
-#BuildRequires:  pkgconfig(systemd) 
+#BuildRequires:  pkgconfig(systemd)
 # The systemd-mini package does not pass configure checks
 BuildRequires:  systemd-devel >= 254
 BuildRequires:  pam-devel
 Provides:	pam:%{_sbindir}/pam_timestamp_check
+Provides:       pam:%{_sbindir}/pam_namespace_helper
 
 %description -n pam-extra
 PAM (Pluggable Authentication Modules) is a system security tool that
@@ -301,8 +302,6 @@ rm -f %{buildroot}%{_libdir}/security/pam_canonicalize_user.so
 %make_install -C doc
 # XXX remove for now until we have a security review, see above
 rm -f %{buildroot}%{_mandir}/man8/pam_canonicalize_user.8*
-# install /etc/security/namespace.d used by pam_namespace.so for namespace.conf iscript
-install -d %{buildroot}%{_pam_secconfdir}/namespace.d
 # install other.pamd and common-*.pamd
 install -m 644 %{SOURCE3} %{buildroot}%{_pam_vendordir}/other
 install -m 644 %{SOURCE4} %{buildroot}%{_pam_vendordir}/common-auth
@@ -337,7 +336,7 @@ install -D -m 644 %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.pam
 # /run/motd.d
 install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/pam.conf
 
-mkdir -p %{buildroot}%{_pam_secdistconfdir}/{limits.d,namespace.d}
+mkdir -p %{buildroot}%{_pam_secdistconfdir}/limits.d
 mv %{buildroot}%{_sysconfdir}/environment %{buildroot}%{_distconfdir}/environment
 
 # Remove manual pages for main package
@@ -350,9 +349,10 @@ echo '.so man8/pam_motd.8' > %{buildroot}%{_mandir}/man5/motd.5
 %endif
 
 %if !%{build_main}
-rm -rf %{buildroot}{%{_sysconfdir},%{_distconfdir},%{_sbindir}/{f*,m*,pam_n*,pw*,u*},%{_pam_secconfdir},%{_pam_confdir},%{_datadir}/locale}
+rm -rf %{buildroot}{%{_sysconfdir},%{_distconfdir}/{environment,pam.d},%{_sbindir}/{f*,m*,pw*,u*}}
+rm -rf %{buildroot}{%{_pam_secdistconfdir}/{a,f,g,l,p,s,t}*.conf,%{_pam_secconfdir},%{_pam_confdir},%{_datadir}/locale}
 rm -rf %{buildroot}{%{_includedir},%{_libdir}/{libpam*,pkgconfig},%{_pam_vendordir},%{_rpmmacrodir},%{_tmpfilesdir}}
-rm -rf %{buildroot}%{_pam_moduledir}/pam_{a,b,c,d,e,f,g,h,j,k,l,m,n,o,p,q,r,s,v,w,x,y,z,time.,tt,um,un,usertype}*
+rm -rf %{buildroot}%{_pam_moduledir}/pam_{a,b,c,d,e,f,g,h,j,k,l,m,no,o,p,q,r,s,v,w,x,y,z,time.,tt,um,un,usertype}*
 %else
 # Delete files for extra package
 rm -rf  %{buildroot}{%{_pam_moduledir}/pam_issue.so,%{_pam_moduledir}/pam_timestamp.so,%{_sbindir}/pam_timestamp_check}
@@ -419,10 +419,7 @@ done
 %{_pam_secdistconfdir}/sepermit.conf
 %endif
 %{_pam_secdistconfdir}/time.conf
-%{_pam_secdistconfdir}/namespace.conf
-%{_pam_secdistconfdir}/namespace.init
 %{_pam_secdistconfdir}/pwhistory.conf
-%dir %{_pam_secdistconfdir}/namespace.d
 %{_libdir}/libpam.so.0
 %{_libdir}/libpam.so.%{libpam_so_version}
 %{_libdir}/libpamc.so.0
@@ -451,7 +448,6 @@ done
 %{_pam_moduledir}/pam_mail.so
 %{_pam_moduledir}/pam_mkhomedir.so
 %{_pam_moduledir}/pam_motd.so
-%{_pam_moduledir}/pam_namespace.so
 %{_pam_moduledir}/pam_nologin.so
 %{_pam_moduledir}/pam_permit.so
 %{_pam_moduledir}/pam_pwhistory.so
@@ -476,12 +472,10 @@ done
 %{_pam_moduledir}/pam_xauth.so
 %{_sbindir}/faillock
 %{_sbindir}/mkhomedir_helper
-%{_sbindir}/pam_namespace_helper
 %{_sbindir}/pwhistory_helper
 %verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix_chkpwd
 %verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix2_chkpwd
 %attr(0700,root,root) %{_sbindir}/unix_update
-%{_unitdir}/pam_namespace.service
 %{_tmpfilesdir}/pam.conf
 
 %files devel
@@ -506,8 +500,13 @@ done
 %files -n pam-extra
 %defattr(-,root,root,755)
 %{_pam_moduledir}/pam_issue.so
+%{_pam_moduledir}/pam_namespace.so
 %{_pam_moduledir}/pam_timestamp.so
+%{_sbindir}/pam_namespace_helper
 %{_sbindir}/pam_timestamp_check
+%{_pam_secdistconfdir}/namespace.conf
+%{_pam_secdistconfdir}/namespace.init
+%{_unitdir}/pam_namespace.service
 %endif
 
 %if %{build_doc}