Bug 3619 - xdm doesn't copy environment variables from PAM to user session
Summary: xdm doesn't copy environment variables from PAM to user session
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: XFree86
Version: 6.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Preston Brown
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 1999-06-21 17:21 UTC by Nalin Dahyabhai
Modified: 2008-05-01 15:37 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 1999-08-31 18:48:13 UTC

Attachments (Terms of Use)

Description Nalin Dahyabhai 1999-06-21 17:21:26 UTC
If a module for PAM sets an environment variable (example:
a Kerberos module that needs to set the KRB5CCNAME or
KRBTKFILE variables to the names of ticket files for the
user), it doesn't get passed on to the user session that
gets started.  The fix (to session.c) might look something
like this:

    /* if we have a pam_misc library on this system, pass in
       environment variables set by libpam and modules it
       called */
    if(pamh != NULL)
        long i;
        char **pam_env = pam_misc_copy_env(pamh);
        for(i = 0; pam_env && pam_env[i]; i++)
            verify->userEnviron = putEnv(pam_env[i],
#endif /* HAVE_PAM_MISC */

* kdm and gdm also have this problem.

Comment 1 Michael K. Johnson 1999-07-13 17:27:59 UTC
This code looks right at first glance.  It should be placed
directly after the section that calls pam_open_session().

We would also have to make sure that each of these components
links against -lpam_misc as well as -lpam, as well as define

Comment 2 Nalin Dahyabhai 1999-07-13 17:42:59 UTC
Actually, the code should just call pam_getenvlist() from libpam
instead of pam_misc_copy_env(), which is deprecated.  I missed it
because this is only documented in the pam_misc header file.
Mark has already fixed it in gdm2 in CVS.

Comment 3 Preston Brown 1999-08-31 18:48:59 UTC
fixed in our forthcoming XFree86 3.3.5 errata release.

Note You need to log in before you can comment on or make changes to this bug.