diff --git a/coreutils-split-pam.patch b/coreutils-split-pam.patch
new file mode 100644
index 0000000..4d36447
--- /dev/null
+++ b/coreutils-split-pam.patch
@@ -0,0 +1,30 @@
+diff -uNrp -x '*~' coreutils-5.97-orig/src/su.c coreutils-5.97/src/su.c
+--- coreutils-5.97-orig/src/su.c	2006-07-13 12:14:40.000000000 +0100
++++ coreutils-5.97/src/su.c	2006-07-13 12:24:33.000000000 +0100
+@@ -131,11 +131,15 @@
+ 
+ #include "error.h"
+ 
+-/* The official name of this program (e.g., no `g' prefix).  */
++/* The official name of this program (e.g., no `g' prefix).
++ * - Add a "-l" to the name passed to PAM if this is a login simulation
++ */
+ #ifndef RUNUSER
+ #define PROGRAM_NAME "su"
++#define PROGRAM_NAME_L "su-l"
+ #else
+ #define PROGRAM_NAME "runuser"
++#define PROGRAM_NAME_L "runuser-l"
+ #endif
+ 
+ #ifndef AUTHORS
+@@ -310,7 +314,8 @@ correct_password (const struct passwd *p
+ #ifdef USE_PAM
+   struct passwd *caller;
+   char *tty_name, *ttyn;
+-  retval = pam_start(PROGRAM_NAME, pw->pw_name, &conv, &pamh);
++  retval = pam_start(simulate_login ? PROGRAM_NAME_L : PROGRAM_NAME,
++		     pw->pw_name, &conv, &pamh);
+   PAM_BAIL_P;
+ 
+ #ifndef RUNUSER
diff --git a/coreutils.spec b/coreutils.spec
index 65e1b22..76c0362 100644
--- a/coreutils.spec
+++ b/coreutils.spec
@@ -16,6 +16,8 @@ Source105:  colorls.sh
 Source106:  colorls.csh
 Source200:  su.pamd
 Source201:  runuser.pamd
+Source202:  su-l.pamd
+Source203:  runuser-l.pamd
 
 # From upstream
 Patch1: coreutils-sort-compatibility.patch
@@ -45,6 +47,7 @@ Patch908: coreutils-getgrouplist.patch
 Patch912: coreutils-overflow.patch
 Patch913: coreutils-afs.patch
 Patch914: coreutils-autoconf.patch
+Patch915: coreutils-split-pam.patch
 
 #SELINUX Patch
 Patch950: coreutils-selinux.patch
@@ -100,6 +103,7 @@ the old GNU fileutils, sh-utils, and textutils packages.
 %patch912 -p1 -b .overflow
 %patch913 -p1 -b .afs
 %patch914 -p1 -b .autoconf
+%patch915 -p1 -b .splitl
 
 #SELinux
 %patch950 -p1 -b .selinux
@@ -185,7 +189,9 @@ for i in hostname uptime kill ; do
 done
 
 %{?!nopam:install -m 644 %SOURCE200 $RPM_BUILD_ROOT%_sysconfdir/pam.d/su}
+%{?!nopam:install -m 644 %SOURCE202 $RPM_BUILD_ROOT%_sysconfdir/pam.d/su-l}
 %{?!nopam:install -m 644 %SOURCE201 $RPM_BUILD_ROOT%_sysconfdir/pam.d/runuser}
+%{?!nopam:install -m 644 %SOURCE203 $RPM_BUILD_ROOT%_sysconfdir/pam.d/runuser-l}
 
 bzip2 -f9 old/*/C* || :
 
@@ -231,7 +237,9 @@ fi
 %config(noreplace) %{_sysconfdir}/DIR_COLORS*
 %config(noreplace) %{_sysconfdir}/profile.d/*
 %{?!nopam:%config(noreplace) /etc/pam.d/su}
+%{?!nopam:%config(noreplace) /etc/pam.d/su-l}
 %{?!nopam:%config(noreplace) /etc/pam.d/runuser}
+%{?!nopam:%config(noreplace) /etc/pam.d/runuser-l}
 %doc ABOUT-NLS ChangeLog.bz2 NEWS README THANKS TODO old/*
 /bin/basename
 /bin/cat
@@ -272,6 +280,11 @@ fi
 /sbin/runuser
 
 %changelog
+* Thu Jul 13 2006 David Howells <dhowells@redhat.com>
+- split the PAM scripts for "su -l"/"runuser -l" from that of normal "su" and
+  "runuser" (#198639)
+- add keyinit instructions to PAM scripts
+
 * Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 5.97-3.1
 - rebuild