c5f8dc95c6
to the target user immediately before setting resource limits, which is after the monitor process has forked (so it has the old value). Also, if the user did not authenticate, there is no pamh in the monitor so we need to init pam here too. This means we end up calling pam_start() twice, which should be fixed, but at least the session is always properly closed now.