If a succesful login at the console (e.g. user 'phnl') FOLLOWS an unsuccesful one (e.g. false user name, 'Shit' in the example), then if user phnl does a 'ps axu' one of the entries is the following: phnl 16792 0.1 1.5 1500 988 1 S 20:33 0:00 /bin/login -- Shit The particular process is the succesfull login of phnl but appears with the name 'Shit' which is the previous unsuccesfull login. It is not important of course but its is a fault. And on the other hand it could be a 'secutity hole' for someone who by mistake types the pass instead of username. Then everyone could see his password simply doing a 'ps axu'! I tried two different machines with kernels 2.0.34 and 2.0.36 both with redhat 5.1 and the result was the same.
I have been able to replicate this bug with 5.1. The failed login name does show up in a ps -ax listing. On the other hand I could not get this to happen using 5.2. My suggestion would be to upgrade to 5.2.