--- coreutils-5.3.0/src/su.c
+++ coreutils-5.3.0/src/su.c
@@ -521,6 +521,21 @@
     }
 
   /* child shell */
+
+  /* Export env variables declared by PAM modules */
+  {
+    const char *const *env;
+
+    env = (const char *const *) pam_getenvlist (pamh);
+    while (env && *env)
+      {
+	
+	if (putenv (*env) != 0)
+	  xalloc_die ();
+        env++;
+      }
+  }
+
   pam_end (pamh, 0);
 #endif
 
@@ -726,9 +741,12 @@
       shell = NULL;
     }
   shell = xstrdup (shell ? shell : pw->pw_shell);
+  change_identity (pw);
+
+  /* Set environment after pam_open_session, which may put KRB5CCNAME
+     into the pam_env, etc.  */
   modify_environment (pw, shell);
 
-  change_identity (pw);
   if (simulate_login && chdir (pw->pw_dir) != 0)
     error (0, errno, _("warning: cannot change directory to %s"), pw->pw_dir);