Description of problem: The pam_laus PAM module can be very confusing to use when there is no documentation for the 'detach' pam_laus control flag. If a process may invoke pam_open_session / pam_authenticate within the same process, the 'detach' control flag must be given to the pam_laus module in the control file, as in: 'session optional pam_laus.so detach' to allow _pam_audit_login to perform a laus_detach() on an already open laus connection before the laus_attach(), which will fail if the process has an open laus connection. Without the detach control flag, all laus messages for the process will be for the first user to set the PAM_USER item with pam_authenticate. The only way to discover the detach flag up till now is to read the source code.
Fixed with laus-0.1-72RHEL3+
laus-0.1-72RHEL3 is now built, and available from: http://people.redhat.com/~jvdias/laus/ errata RHBA-2005:752 generated.