Comment 1 for bug 955032

I had a hard time understanding this at first, until I understood that this was about the fact that pam_env is called *twice* for some services. Yes, we shouldn't be reading the user environment twice; I'm not sure if user_readenv should default to off when 'envfile' is set, or if this should be fixed in the individual packages providing the configs.

There's also a related issue that upstream has turned user_readenv off by default in the latest releases due to security concerns, and we should probably follow suit.