Bug#927079: libpam-script: Filters environment variables
Package: libpam-script Followup-For: Bug #927079 Hi, you mentioned that libpam-script filters environment variables, but I think this is not actually the case. Looking at the code, it only seems to *add* a number of variables, not remove any. For example I added the following line to my /etc/pam.d/sudo (just before the common-auth line): auth optional pam_script.so dir=/etc/pam.d/lock-scripts And then created /etc/pam.d/lock-scripts/pam_script_auth: #!/bin/sh env > /tmp/env After running sudo, I get my entire environment in /tmp/env. I suspect there might be other pam modules that might be clearing the env, or maybe the application that calls the pam module? Gr. Matthijs
Bug#927079: libpam-script: Filters environment variables
Package: libpam-script Severity: normal It seems like libpam-script filters the set of environment variables that are set, and there is no way to either turn this off or add extra environment variables that are passed through. I'm interested in inspecting the SSH_AUTH_INFO_0 environment variable set by newer versions of OpenSSH, but as this is not on the list of variables that are passed through, I can't. This greatly reduces the usefulness of libpam-script for me, so if this could either be optional or the list of variables could be added to, that'd be great. -- Tollef Fog Heen UNIX is user friendly, it's just picky about who its friends are