diff -up Linux-PAM-1.1.8/modules/pam_selinux/pam_selinux.c.canonicalize Linux-PAM-1.1.8/modules/pam_selinux/pam_selinux.c
--- Linux-PAM-1.1.8/modules/pam_selinux/pam_selinux.c.canonicalize	2013-06-18 16:11:21.000000000 +0200
+++ Linux-PAM-1.1.8/modules/pam_selinux/pam_selinux.c	2014-03-06 12:03:54.429639972 +0100
@@ -491,12 +491,17 @@ compute_exec_context(pam_handle_t *pamh,
   char *level = NULL;
   security_context_t *contextlist = NULL;
   int num_contexts = 0;
+  const struct passwd *pwd;
 
   if (!(username = get_item(pamh, PAM_USER))) {
     pam_syslog(pamh, LOG_ERR, "Cannot obtain the user name");
     return PAM_USER_UNKNOWN;
   }
 
+  if ((pwd = pam_modutil_getpwnam(pamh, username)) != NULL) {
+    username = pwd->pw_name;
+  } /* ignore error and keep using original username */
+
   /* compute execute context */
 #ifdef HAVE_GETSEUSER
   if (!(service = get_item(pamh, PAM_SERVICE))) {