From da04944a6841e68e24c0308125fb24d67e269008 Mon Sep 17 00:00:00 2001
From: Samuli Suominen <ssuominen@gentoo.org>
Date: Thu, 13 Mar 2014 17:08:30 +0200
Subject: [PATCH] According to pam_env manpage it should be last on the stack
 because PAM environment variables can have unexpected results on other
 modules. Also, this commit puts Gentoo pambase up par with ArchLinux pambase,
 as well as help the case of setting ${XDG_RUNTIME_DIR} in pam_env.conf

---
 system-auth.in     | 6 +++---
 system-login.in    | 8 ++++----
 system-services.in | 3 +++
 system-session.inc | 3 ---
 4 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/system-auth.in b/system-auth.in
index 43df701..588e7f3 100644
--- a/system-auth.in
+++ b/system-auth.in
@@ -1,6 +1,3 @@
-#if HAVE_ENV
-auth		required	pam_env.so DEBUG
-#endif
 #if HAVE_PAM_SSH
 auth		sufficient	pam_ssh.so
 #endif
@@ -10,6 +7,9 @@ auth		KRB5_CONTROL	pam_krb5.so KRB5_PARAMS
 auth		required	pam_unix.so try_first_pass LIKEAUTH nullok DEBUG
 /* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */
 auth		optional	pam_permit.so
+#if HAVE_ENV
+auth		required	pam_env.so DEBUG
+#endif
  
 #if HAVE_KRB5
 account		KRB5_CONTROL	pam_krb5.so KRB5_PARAMS
diff --git a/system-login.in b/system-login.in
index 11ac032..194f1a3 100644
--- a/system-login.in
+++ b/system-login.in
@@ -37,9 +37,6 @@ session         optional        pam_loginuid.so
 #if HAVE_SELINUX
 session		required	pam_selinux.so close
 #endif
-#if HAVE_ENV
-session		required	pam_env.so DEBUG
-#endif
 #if HAVE_LASTLOG
 session		optional	pam_lastlog.so silent DEBUG
 #endif
@@ -59,4 +56,7 @@ session		optional	pam_motd.so motd=/etc/motd
 #if HAVE_MAIL
 session		optional	pam_mail.so
 #endif
-  
+
+#if HAVE_ENV
+session		required	pam_env.so DEBUG
+#endif
diff --git a/system-services.in b/system-services.in
index 989267f..47f4561 100644
--- a/system-services.in
+++ b/system-services.in
@@ -6,3 +6,6 @@ account		include		system-auth
 session         optional        pam_loginuid.so
 #endif
 #include "system-session.inc"
+#if HAVE_ENV
+session		required	pam_env.so DEBUG
+#endif
diff --git a/system-session.inc b/system-session.inc
index 2ba6964..4b042c3 100644
--- a/system-session.inc
+++ b/system-session.inc
@@ -1,9 +1,6 @@
 #if HAVE_LIMITS
 session		required	pam_limits.so DEBUG
 #endif
-#if HAVE_ENV
-session		required	pam_env.so DEBUG
-#endif
 #if HAVE_MKTEMP
 session		optional	pam_mktemp.so
 #endif
-- 
1.9.0