If a module for PAM sets an environment variable (example:
a Kerberos module that needs to set the KRB5CCNAME or
KRBTKFILE variables to the names of ticket files for the
user), it doesn't get passed on to the user session that
gets started. The fix (to session.c) might look something
/* if we have a pam_misc library on this system, pass in
environment variables set by libpam and modules it
if(pamh != NULL)
char **pam_env = pam_misc_copy_env(pamh);
for(i = 0; pam_env && pam_env[i]; i++)
verify->userEnviron = putEnv(pam_env[i],
#endif /* HAVE_PAM_MISC */
* kdm and gdm also have this problem.
This code looks right at first glance. It should be placed
directly after the section that calls pam_open_session().
We would also have to make sure that each of these components
links against -lpam_misc as well as -lpam, as well as define
Actually, the code should just call pam_getenvlist() from libpam
instead of pam_misc_copy_env(), which is deprecated. I missed it
because this is only documented in the pam_misc header file.
Mark has already fixed it in gdm2 in CVS.
fixed in our forthcoming XFree86 3.3.5 errata release.