GNOME Bugzilla – Bug 557794
gdm calls pam functions in the wrong order
Last modified: 2008-11-07 17:52:55 UTC
gdm calls the pam functions on logout in the wrong order.
pam_setcred with the DELETE_CRED flag is called before pam_close_session is
This means that e.g. a kerberos aware module can't use the kerberos credentials
cache to close it's session, cause the tickets are already gone.
pam_setcred with DELETE_CRED should be called after pam_close_session.
I've reordered those calls now, thanks.