Bug 557794 – gdm calls pam functions in the wrong order

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 557794 - gdm calls pam functions in the wrong order


Summary:	gdm calls pam functions in the wrong order


Status:	RESOLVED FIXED

Product:	gdm
Classification:	Core
Component:	general
Version:	2.24.x
Hardware:	Other Linux

Importance:	Normal major
Target Milestone:	---
Assigned To:	GDM maintainers
QA Contact:	GDM maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2008-10-24 17:36 UTC by JP Rosevear
Modified:	2008-11-07 17:52 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description JP Rosevear 2008-10-24 17:36:06 UTC

From https://bugzilla.novell.com/show_bug.cgi?id=436852

gdm calls the pam functions on logout in the wrong order.

pam_setcred with the DELETE_CRED flag is called before pam_close_session is
called.

This means that e.g. a kerberos aware module can't use the kerberos credentials
cache to close it's session, cause the tickets are already gone.

pam_setcred with DELETE_CRED should be called after pam_close_session.

Comment 1 Matthias Clasen 2008-11-07 17:52:55 UTC

I've reordered those calls now, thanks.