How does pam determine its state?

[DI Roman Fiedler]

I'm trying to find out which files, commands can change the state and 
behavior of the pam modules. This is because I have two servers which 
should be identical in regard to login/pam configuration but they behave 
different.

hosta: A linux vserver instance, with pam, cron
hostb: A clone of hostb

After cloning of hosta I installed logcheck, which runs without problems 
on hosta, but produces pam error messages in auth.log on hostb. The 
error messages are triggered via the logcheck cronjob, but a much 
simpler cronjob is also sufficient:

* *     * * *   nobody  date > /tmp/pamtest

On hosta  I get every minute:

Aug 23 13:05:01 hosta CRON[16877]: (pam_unix) session opened for user 
nobody by (uid=0)
Aug 23 13:05:01 hosta CRON[16877]: (pam_unix) session closed for user nobody

On hostb:

Aug 23 13:08:01 hostb CRON[16908]: (pam_unix) session opened for user 
nobody by (uid=0)
Aug 23 13:08:01 hostb pam_limits[16908]: setrlimit limit #6 to soft=-1, 
hard=-1 failed: Operation not permitted; uid=0 euid=0
Aug 23 13:08:01 hostb pam_limits[16908]: setrlimit limit #8 to soft=-1, 
hard=-1 failed: Operation not permitted; uid=0 euid=0
Aug 23 13:08:01 hostb pam_limits[16908]: setrlimit limit #11 to soft=-1, 
hard=-1 failed: Operation not permitted; uid=0 euid=0
Aug 23 13:08:01 hostb pam_limits[16908]: setrlimit limit #12 to soft=-1, 
hard=-1 failed: Operation not permitted; uid=0 euid=0
Aug 23 13:08:01 hostb pam_limits[16908]: setrlimit limit #13 to soft=20, 
hard=20 failed: Operation not permitted; uid=0 euid=0
Aug 23 13:08:01 hostb pam_limits[16908]: setrlimit limit #14 to soft=-1, 
hard=-1 failed: Operation not permitted; uid=0 euid=0
Aug 23 13:08:01 hostb CRON[16908]: (pam_unix) session closed for user nobody

There are no differences in /etc/pam.conf, /etc/pam.d, the passwd/shadow files are identical. None of the instances was rebootet since installing logcheck.

What could cause the different behavior?