If a module for PAM sets an environment variable (example: a Kerberos module that needs to set the KRB5CCNAME or KRBTKFILE variables to the names of ticket files for the user), it doesn't get passed on to the user session that gets started. The fix (to session.c) might look something like this: #ifdef HAVE_PAM_MISC /* if we have a pam_misc library on this system, pass in environment variables set by libpam and modules it called */ if(pamh != NULL) { long i; char **pam_env = pam_misc_copy_env(pamh); for(i = 0; pam_env && pam_env[i]; i++) { verify->userEnviron = putEnv(pam_env[i], verify->userEnviron); } } #endif /* HAVE_PAM_MISC */ * kdm and gdm also have this problem.
This code looks right at first glance. It should be placed directly after the section that calls pam_open_session(). We would also have to make sure that each of these components links against -lpam_misc as well as -lpam, as well as define HAVE_PAM_MISC.
Actually, the code should just call pam_getenvlist() from libpam instead of pam_misc_copy_env(), which is deprecated. I missed it because this is only documented in the pam_misc header file. Mark has already fixed it in gdm2 in CVS.
fixed in our forthcoming XFree86 3.3.5 errata release.