After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 557794 - gdm calls pam functions in the wrong order
gdm calls pam functions in the wrong order
Status: RESOLVED FIXED
Product: gdm
Classification: Core
Component: general
2.24.x
Other Linux
: Normal major
: ---
Assigned To: GDM maintainers
GDM maintainers
Depends on:
Blocks:
 
 
Reported: 2008-10-24 17:36 UTC by JP Rosevear
Modified: 2008-11-07 17:52 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description JP Rosevear 2008-10-24 17:36:06 UTC
From https://bugzilla.novell.com/show_bug.cgi?id=436852

gdm calls the pam functions on logout in the wrong order.

pam_setcred with the DELETE_CRED flag is called before pam_close_session is
called.

This means that e.g. a kerberos aware module can't use the kerberos credentials
cache to close it's session, cause the tickets are already gone.

pam_setcred with DELETE_CRED should be called after pam_close_session.
Comment 1 Matthias Clasen 2008-11-07 17:52:55 UTC
I've reordered those calls now, thanks.