Subject: xsrc/31376: xdm loses environment settings from PAM
To: None <email@example.com, firstname.lastname@example.org,>
From: None <email@example.com>
Date: 09/23/2005 14:33:00
>Synopsis: xdm loses environment settings from PAM
>Arrival-Date: Fri Sep 23 14:33:00 +0000 2005
>Originator: Ty Sarna
>Release: NetBSD 3.99.7
System: NetBSD kohaku.sarna.org 3.99.7 NetBSD 3.99.7 (KOHAKU) #1: Thu Jul 14 11:57:19 EDT 2005 firstname.lastname@example.org:/usr/build/KOHAKU i386
Environment variables set by pam_setenv in PAM modules do not
end up in the environment in a user's X login session.
Specifically, pam_krb5 only works by accident. The module sets
KRB5CCNAME to point to the user's credentials cache. I confirmed
that the module is working properly by testing with /usr/bin/login.
Users of an xdm login with kerberos only have tickets by
coincidence... by default the KRB5CCNAME that is set by pam_krb5
is based on the user's UID, and kerberos defaults to using
the same filename if KRB5CCNAME is not set. But if the ccache
option if used with pam_krb5, the user will not have tickets
(or will, but won't be able to use them because kerberos will be
looking in the wrong place.)
Any other PAM module that makes use of environment modules will
Log in with kerberos. Notice KRB5CCNAME is not set in
Put "env >/tmp/foo" in .xsession and log in again. Notice it's
Move env call to start of /etc/X11/xdm/Xsession and notice it's
still not being set.
Not sure. Quick code inspection looks like session.c in xdm is
trying to handle this, so I'm not sure what's wrong.