From fb0148c9ba78689cd03c9cf2ee05a4fa22a0ed69 Mon Sep 17 00:00:00 2001
From: Gunnar Hjalmarsson <gunnarhj@ubuntu.com>
Date: Mon, 25 Mar 2013 16:41:16 +0000
Subject: debian/openssh-server.sshd.pam: Explicitly state that
 ~/.pam_environment should be read, and move the pam_env calls from "auth" to
 "session" so that it's also read when $HOME is encrypted (LP: #952185).

---
 debian/changelog               |  9 +++++++++
 debian/openssh-server.sshd.pam | 14 +++++++-------
 2 files changed, 16 insertions(+), 7 deletions(-)

(limited to 'debian')

diff --git a/debian/changelog b/debian/changelog
index 51197feac..78c582918 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+openssh (1:6.1p1-4) UNRELEASED; urgency=low
+
+  [ Gunnar Hjalmarsson ]
+  * debian/openssh-server.sshd.pam: Explicitly state that ~/.pam_environment
+    should be read, and move the pam_env calls from "auth" to "session" so
+    that it's also read when $HOME is encrypted (LP: #952185).
+
+ -- Colin Watson <cjwatson@debian.org>  Thu, 14 Feb 2013 09:33:00 +0100
+
 openssh (1:6.1p1-3) experimental; urgency=low
 
   * Give ssh and ssh-krb5 versioned dependencies on openssh-client and
diff --git a/debian/openssh-server.sshd.pam b/debian/openssh-server.sshd.pam
index c108cdf68..9261e9dca 100644
--- a/debian/openssh-server.sshd.pam
+++ b/debian/openssh-server.sshd.pam
@@ -1,12 +1,5 @@
 # PAM configuration for the Secure Shell service
 
-# Read environment variables from /etc/environment and
-# /etc/security/pam_env.conf.
-auth       required     pam_env.so # [1]
-# In Debian 4.0 (etch), locale-related environment variables were moved to
-# /etc/default/locale, so read that as well.
-auth       required     pam_env.so envfile=/etc/default/locale
-
 # Standard Un*x authentication.
 @include common-auth
 
@@ -38,5 +31,12 @@ session    required     pam_limits.so
 # Set up SELinux capabilities (need modified pam)
 # session  required     pam_selinux.so multiple
 
+# Read environment variables from /etc/environment and
+# /etc/security/pam_env.conf.
+session    required     pam_env.so # [1]
+# In Debian 4.0 (etch), locale-related environment variables were moved to
+# /etc/default/locale, so read that as well.
+session    required     pam_env.so user_readenv=1 envfile=/etc/default/locale
+
 # Standard Un*x password updating.
 @include common-password
-- 
cgit v1.2.3