Subject: xsrc/31376: xdm loses environment settings from PAM
To: None <xsrc-manager@netbsd.org, gnats-admin@netbsd.org,>
From: None <tsarna@sarna.org>
List: netbsd-bugs
Date: 09/23/2005 14:33:00
>Number:         31376
>Category:       xsrc
>Synopsis:       xdm loses environment settings from PAM
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    xsrc-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Sep 23 14:33:00 +0000 2005
>Originator:     Ty Sarna
>Release:        NetBSD 3.99.7
>Organization:
>Environment:
System: NetBSD kohaku.sarna.org 3.99.7 NetBSD 3.99.7 (KOHAKU) #1: Thu Jul 14 11:57:19 EDT 2005 tsarna@talyn.frontco.com:/usr/build/KOHAKU i386
Architecture: i386
Machine: i386
>Description:
	Environment variables set by pam_setenv in PAM modules do not
	end up in the environment in a user's X login session.

	Specifically, pam_krb5 only works by accident. The module sets
	KRB5CCNAME to point to the user's credentials cache. I confirmed
	that the module is working properly by testing with /usr/bin/login.

	Users of an xdm login with Kerberos only have tickets by
	coincidence... by default the KRB5CCNAME that is set by pam_krb5
	is based on the user's UID, and Kerberos defaults to using
	the same filename if KRB5CCNAME is not set. But if the ccache
	option is used with pam_krb5, the user will not have tickets
	(or will, but won't be able to use them because Kerberos will be
	looking in the wrong place.)

	Any other PAM module that makes use of environment modules will
	fail similarly.
>How-To-Repeat:
	Log in with Kerberos. Notice KRB5CCNAME is not set in
	environment.

	Put "env >/tmp/foo" in .xsession and log in again. Notice it's
	not set.

	Move env call to start of /etc/X11/xdm/Xsession and notice it's
	still not being set.
>Fix:
	Not sure. Quick code inspection looks like session.c in xdm is
	trying to handle this, so I'm not sure what's wrong.
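
Added example, not part of the original report: a small diagnostic that compares an `env` dump taken after /usr/bin/login with one taken from .xsession under xdm, and tells whether the loss of KRB5CCNAME is hidden by the default cache name or actually breaks ticket lookup. It assumes the Kerberos fallback cache is /tmp/krb5cc_<uid> (the report does not give the path); the function names and the sample dumps are constructed for illustration.

```sh
#!/bin/sh
# Added diagnostic (not from the report). Inputs are `env` dumps: one taken
# after /usr/bin/login, one taken from .xsession under xdm.
# Assumption: the Kerberos fallback cache is /tmp/krb5cc_<uid>.

# Names of the variables defined in an env dump (NAME=value per line).
env_names() {
    sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' "$1" | sort -u
}

# Variables present after login but absent under xdm. These are candidates
# only: login also sets variables of its own, such as TERM.
lost_vars() {
    a=$(mktemp); b=$(mktemp)
    env_names "$1" > "$a"; env_names "$2" > "$b"
    comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# Classify KRB5CCNAME for the given uid:
#   ok      set in the xdm session
#   masked  lost, but login's value is the fallback path, so tickets are found
#   broken  lost, and login's value points elsewhere (ccache option in use)
#   n/a     not set by login either
krb5_status() {
    if grep -q '^KRB5CCNAME=' "$2"; then echo ok; return; fi
    want=$(sed -n 's/^KRB5CCNAME=//p' "$1" | tail -n 1)
    if [ -z "$want" ]; then echo n/a; return; fi
    if [ "${want#FILE:}" = "/tmp/krb5cc_$3" ]; then echo masked; else echo broken; fi
}

# Constructed sample dumps (uid 1000), not captured from a real system.
demo_dir=$(mktemp -d)
printf 'HOME=/home/u\nKRB5CCNAME=FILE:/tmp/krb5cc_1000\n' > "$demo_dir/login_default"
printf 'HOME=/home/u\nKRB5CCNAME=FILE:/var/run/cc/u\n'   > "$demo_dir/login_custom"
printf 'HOME=/home/u\nDISPLAY=:0\n'                       > "$demo_dir/xdm"

echo "lost under xdm: $(lost_vars "$demo_dir/login_custom" "$demo_dir/xdm")"
echo "default ccache: $(krb5_status "$demo_dir/login_default" "$demo_dir/xdm" 1000)"
echo "custom ccache:  $(krb5_status "$demo_dir/login_custom" "$demo_dir/xdm" 1000)"
```

A "masked" result is the "works by accident" case from the description; "broken" is the ccache-option case.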