Fix the environment handling:

However, there's still a bug in login.c
because you copy the environment *before* the call to pam_open_session,
which won't set the necessary variables set by /usr/ports/security/pam_ssh.

Submitted by:	Volker Stolz <stolz@hyperion.informatik.rwth-aachen.de>

usr.bin/login/login.c

@@ -575,18 +575,6 @@ main(argc, argv)
 	if (!pflag)
 		environ = envinit;
 
-#ifdef USE_PAM
-	/*
-	 * Add any environmental variables that the
-	 * PAM modules may have set.
-	 */
-	if (pamh) {
-		environ_pam = pam_getenvlist(pamh);
-		if (environ_pam)
-			export_pam_environment();
-	}
-#endif /* USE_PAM */
-
 	/*
 	 * PAM modules might add supplementary groups during pam_setcred().
 	 */
@@ -606,6 +594,17 @@ main(argc, argv)
 			    pam_strerror(pamh, e));
 		}
 
+	        /*
+	         * Add any environmental variables that the
+	         * PAM modules may have set.
+		 * Call *after* opening session!
+		 */
+		if (pamh) {
+		  environ_pam = pam_getenvlist(pamh);
+		  if (environ_pam)
+			export_pam_environment();
+		}
+
 		/*
 		 * We must fork() before setuid() because we need to call
 		 * pam_close_session() as root.