On Fri, 30 Mar 2018, Greg Wooledge wrote:
> On Fri, Mar 30, 2018 at 12:11:18PM -0700, Don Armstrong wrote:
> > That's why you need @{HOME}, not ${HOME}.
>
> Same result.
>
> $ tail -2 /etc/security/pam_env.conf
> FOO DEFAULT=@{HOME}/bar
> LANG DEFAULT=en_US.UTF-8 OVERRIDE=${LANG}
>
> $ LANG=lolcat ssh localhost
> [...]
> $ env | grep -E '(FOO|LANG)='
> LANG=en_US.UTF-8
> FOO=/bar
Hrm; this feature was added around 1.2.1, and we're still using 1.1.8.[1]
> there is apparently no realistic way (short of source-diving) to
> figure out what each PAM module actually DOES to the environment.
In pam_env, there's a debug option.
> WTF is a "PAM_ITEM"? pam_env.conf(5) refers to pam.d(5) and pam(7),
See
https://github.com/linux-pam/linux-pam/blob/master/modules/pam_env/pam_env.c#L668
1: https://bugs.debian.org/821408
--
Don Armstrong https://www.donarmstrong.com
"She decided what she wished to happen and then assumed that reality
would bend to her wishes." [...] "Reality doesn't indulge wishes."
-- Terry Goodkind _Phantom_ p133
