confusing pam/SElinux issue FC4

["P. Thompson" <ptfedora2 majordomo thedacare org>]

I wrote a web page with a back end script to allow my wife to "turn off
the internet" when she gets mad at our daughter.  

It basically uses sudo to allow the apache user to turn off or on IP 
forwarding which disables internet for our XP machine living behind the 
FC4 firewall.

This all worked fine on FC3 after I got the SE linux rules worked out to 
allow everything to happen.  It works not at all under FC4.

The sudo that the apache user does to turn off forwarding appears to 
function, but PAM then errors and fails:

This is what pam spits into the /var/log/secure file:

Sep 17 22:16:22 monotheletisia sudo:   apache : pam_authenticate: System 
error ; TTY=unknown ; PWD=/var/www/internet/scripts ; USER=root ; 
COMMAND=/var/www/html/internet/scripts/nointernet 0

Nothing appears in the /var/log/audit/audit.log when this pam error 
happens, so I am assuming that SElinux is OK??

Google is not forthcoming on the issue of "pam_authenticate System error".

The best I can find is that it means "The pam_handle_t passed as a first 
argument to this function was invalid."

However, I am not making the system call, sudo is.  So is the a bug, 
misconfiguration, my dumb error or other in sudo or in pam?


The /var/www/html/internet/scripts/nointernet referenced above is a simple 
script:
#!/bin/bash
echo $1 > /proc/sys/net/ipv4/ip_forward