Description of problem: The file /etc/pam.d/system-auth, which is included into a number of other PAM configuration files and which is (apparently) generated by authconfig, contains what looks like nonsense logic. Version-Release number of selected component (if applicable): 0.99.3.0-2 This is the content of the auth section of that file using only local authentication: auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth required pam_deny.so The pam_succeed_if line does not affect the outcome. (It was probably intended to deny logins where 0<UID<500?) In the account section there is similar fluff: account required pam_unix.so account sufficient pam_succeed_if.so uid < 500 quiet account required pam_permit.so The pam_succeed_if line here has no effect on the outcome.
This is not a bug. These lines come to effect when the authentication against a network service (LDAP, KRB5) is enabled. Otherwise they just don't change anything so there is no need to remove them if no such authentication service is enabled. The auth line disappears when "Authenticate system accounts by network services" is enabled.