--- src/su.c.orig 2010-11-25 21:08:03.594408976 -0430
+++ src/su.c.orig 2010-11-25 21:11:49.904408989 -0430
@@ -231,6 +231,13 @@
 child = fork ();
 if (child == 0) { /* child shell */
+ /* become the new user */
+ if (change_uid (&pwent) != 0) {
+ pam_close_session (pamh, 0);
+ pam_setcred (pamh, PAM_DELETE_CRED);
+ (void) pam_end (pamh, PAM_ABORT);
+ exit (1);
+ }
 /*
 * PAM_DATA_SILENT is not supported by some modules, and
 * there is no strong need to clean up the process space's
@@ -297,6 +304,8 @@
 kill (child, SIGTERM);
 }
+ /* Not checking retval on this because we need to call close session */
+ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT);
 ret = pam_close_session (pamh, 0);
 if (PAM_SUCCESS != ret) {
 SYSLOG ((LOG_ERR, "pam_close_session: %s",
@@ -910,13 +919,6 @@
 }
 }
- /* become the new user */
- if (change_uid (&pwent) != 0) {
- pam_close_session (pamh, 0);
- pam_setcred (pamh, PAM_DELETE_CRED);
- (void) pam_end (pamh, PAM_ABORT);
- exit (1);
- }
 #else /* !USE_PAM */
 environ = newenvp; /* make new environment active */
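Review bot: In the @@ -231 hunk the failure branch of `change_uid` now runs inside the forked child, yet it still calls `pam_close_session` and `pam_setcred (pamh, PAM_DELETE_CRED)` before exiting. The @@ -297 hunk appears to be the parent side of the same fork and performs the same teardown once the child is gone, so a failed UID change would close the session and delete credentials twice, the first time from a process whose identity may already be partly changed. Consider leaving session and credential teardown to the parent, so the child branch is just `if (change_uid (&pwent) != 0) { exit (1); }`; the comment that follows already argues the child need not clean up PAM state before exec or exit. The enclosing function starts and ends outside the hunk, so confirm that the parent treats the child's exit status 1 as a failure.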
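Review bot: The added `pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT)` in the @@ -297 hunk runs before `pam_close_session`, whereas the Linux-PAM documentation for pam_setcred says credentials should be deleted after the session has been closed; session modules that still need the credentials while closing could misbehave. Its result is also dropped without a trace, so a module that fails to delete credentials leaves nothing in the log. I would move the call below the `pam_close_session` error handling and record failures, e.g. `ret = pam_setcred (pamh, PAM_DELETE_CRED | PAM_SILENT);` followed by `if (PAM_SUCCESS != ret) SYSLOG ((LOG_ERR, "pam_setcred: %s", pam_strerror (pamh, ret)));`. The `if` block after `pam_close_session` continues past the end of the hunk, so check whether credentials are already deleted further down before adding a second call.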