As this bug's history shows, a recent libpam-afs-session upgrade made
cron start syslogging errors that turned out to stem from my personal
KRB5CCNAME setting having accidentally leaked into its environment.
(sudo preserves that variable by default, which is appropriate in many
contexts.) I historically also ran into trouble with leakage from my
TEXMF setting (though I concede that sudo now filters that out itself),
and Russ Allbery mentioned problems with Debconf-related variables
leaking into xinetd invocations and from there ultimately into remote
shells, breaking subsequent aptitude runs.
To avoid such surprises, could dpkg please run maintainer scripts in
Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
http://www.mit.edu/~amu/ | http://email@example.com
To UNSUBSCRIBE, email to debian-dpkg-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org