I just looked through gdm's source and it appears to do pam_setcred AFTER pam_close_session (which is the way I would prefer and that makes more sense to me) but it seems like there needs to be a rule defined and some consistency enforced. :)

Aaron

On 3/29/07, Aaron Cohen <aaron@xxxxxxxxxxxxx> wrote:
Hi there,

I guess this is about 6 years too late, but I've got a question about pam session management. Specifically, I'm using Linux PAM, pam_krb and util-linux from Fedora Core 6. I'm trying to use kerberos to authenticate a script which synchronizes home directories to a backup server at session open/close.

login.c from that version of login contains the following:

# define PAM_END { \
        pam_setcred(pamh, PAM_DELETE_CRED); \
        retcode = pam_close_session(pamh,0); \
        pam_end(pamh,retcode); \
}

I'm very interested in the order of pam_setcred and pam_close_session there, because it's rather inconvenient to me. It results in my kerberos credentials being deleted before my script gets the chance to clean up the session.

Is this intentional? Is it specified somewhere that it has to happen in this order? Is there a workaround I could manage somehow?

Thanks,
Aaron