This is the README for pam_mktemp, a PAM SESSION module which will securely create a temporary file (ands set an environment variable to point to it) in pam_open_session, and unlinks the file in pam_close_session. This is useful for applications like setting XAUTHORITY to a secure temporary file in an environment where home directories are in a network filesystem. You would do this adding: session optional pam_mktemp.so var=XAUTHORITY prefix=/tmp/xauth to /etc/pam.d/common-session. You must specify the var option; the prefix option defaults to /tmp/tempfile if not specified. The argument passed to mkstemp when creating this file will be /tmp/xauth-UID-XXXXXX, where UID is the user id for the session being opened. It supports two additional options: debug (enabling debugging output) and an dir (which causes pam_mktemp to create a temporary directory, rather than a temporary file). So, the pam_mktemp line session line to create a login session temporary directory might look like: session optional pam_mktemp.so debug dir prefix=/var/tmp var=SESSION_TEMPDIR