Bug#369395: openssh-server: should /etc/pam.d/ssh read /etc/default/locale?

[Raphael Hertzog <hertzog@debian.org>]

severity 369395 serious
tag 369395 + patch
thanks

On Mon, 29 May 2006, Andreas Beckmann wrote:
> Hi,
> 
> since the LC_* settings were moved from /etc/environment to
> /etc/default/locale pam_env no longer reads and sets them.
> See /usr/share/doc/locales/NEWS.Debian.gz for more information.
> Perhaps the pam_env settings in /etc/pam.d/ssh should be changed to take
> this into account.
> /etc/pam.d/login is reading /etc/default/locale in addition to
> /etc/environment and could be used as an example.

Indeed. Since this is a regression from sarge (as user are instructed to
remove the LANG=* setting from /etc/environment), I believe the PAM
configuration of ssh needs to be changed to match the configuration
of login.

Here's a patch for /etc/pam.d/ssh:
--- /home/rhertzog/ssh  2006-09-28 15:28:46.000000000 +0200
+++ ssh 2006-09-28 15:40:49.000000000 +0200
@@ -2,7 +2,10 @@

 # Read environment variables from /etc/environment and
 # /etc/security/pam_env.conf.
-auth       required     pam_env.so # [1]
+session       required   pam_env.so
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session       required   pam_env.so envfile=/etc/default/locale

 # Standard Un*x authentication.
 @include common-auth


BTW, the pam documentation mentions pam_env as providing "auth-level" service
but most packages put it in the session module which looks like logical. 
So I change that here as well.

If there's a rationale for using auth, feel free to change it back.

Cheers,
-- 
Raphaël Hertzog

Premier livre français sur Debian GNU/Linux :
http://www.ouaza.com/livre/admin-debian/