diff --git a/sudo-1.6.8p8-pam-sess.patch b/sudo-1.6.8p8-pam-sess.patch
new file mode 100644
index 0000000..e8ce9c1
--- /dev/null
+++ b/sudo-1.6.8p8-pam-sess.patch
@@ -0,0 +1,32 @@
+--- sudo-1.6.8p8/auth/pam.c.sess	2005-05-24 16:38:35.976866872 +0200
++++ sudo-1.6.8p8/auth/pam.c	2005-05-24 16:39:50.061604280 +0200
+@@ -175,6 +175,8 @@
+ pam_prep_user(pw)
+     struct passwd *pw;
+ {
++    int error;
++
+     if (pamh == NULL)
+ 	pam_init(pw, NULL, NULL);
+ 
+@@ -195,6 +197,20 @@
+      */
+     (void) pam_setcred(pamh, PAM_ESTABLISH_CRED);
+ 
++    /*
++     * That's enough initialize PAM session in this function, because
++     * sudo calls it before exec()
++     */
++    if ((error = pam_open_session(pamh, 0))!=PAM_SUCCESS) {
++	    pam_end(pamh, error);
++	    return(AUTH_FAILURE);
++    }
++    /*
++     * For example settings from pam_limits are persistent after pam_session_close() and
++     * it's probably more clean call pam_close_session() than omit it.
++     */
++    pam_close_session(pamh, 0);
++   
+     if (pam_end(pamh, PAM_SUCCESS | PAM_DATA_SILENT) == PAM_SUCCESS)
+ 	return(AUTH_SUCCESS);
+     else
diff --git a/sudo.spec b/sudo.spec
index c09fb49..879f1b2 100644
--- a/sudo.spec
+++ b/sudo.spec
@@ -4,7 +4,7 @@
 Summary: Allows restricted root access for specified users.
 Name: sudo
 Version: 1.6.8p8
-Release: 1
+Release: 2
 License: BSD
 Group: Applications/System
 Source: http://www.courtesan.com/sudo/dist/sudo-%{version}.tar.gz
@@ -17,6 +17,8 @@ BuildRequires: pam-devel, groff
 BuildRequires: libselinux-devel
 %endif
 
+# 154511 – sudo does not use limits.conf
+Patch2: sudo-1.6.8p8-pam-sess.patch
 
 %description
 Sudo (superuser do) allows a system administrator to give certain
@@ -36,6 +38,8 @@ on many different machines.
 %patch1 -p1 -b .selinux
 %endif
 
+%patch2 -p1 -b .sess
+
 %build
 %ifarch s390 s390x
 F_PIE=-fPIE
@@ -71,7 +75,7 @@ cat > $RPM_BUILD_ROOT/etc/pam.d/sudo << EOF
 auth       required	pam_stack.so service=system-auth
 account    required	pam_stack.so service=system-auth
 password   required	pam_stack.so service=system-auth
-session    required	pam_stack.so service=system-auth
+session    required	pam_limits.so
 EOF
 
 
@@ -101,6 +105,9 @@ rm -rf $RPM_BUILD_ROOT
 /bin/chmod 0440 /etc/sudoers || :
 
 %changelog
+* Tue May 24 2005 Karel Zak <kzak@redhat.com> 1.6.8p8-2
+- fix #154511 – sudo does not use limits.conf
+
 * Mon Apr  4 2005 Thomas Woerner <twoerner@redhat.com> 1.6.8p8-1
 - new version 1.6.8p8: new sudoedit and sudo_noexec