pam_set_cred vs. pam_close_session

Aaron Cohen aaron at assonance.org
Thu Mar 29 18:30:06 UTC 2007


Hi there,
    I guess this is about 6 years too late, but I've got a question
about PAM session management.

    Specifically, I'm using Linux PAM, pam_krb and util-linux from
Fedora Core 6.  I'm trying to use Kerberos to authenticate a script
which synchronizes home directories to a backup server at session
open/close.

login.c from that version of login contains the following:
#  define PAM_END { \
        pam_setcred(pamh, PAM_DELETE_CRED); \
        retcode = pam_close_session(pamh,0); \
        pam_end(pamh,retcode); \
}




I'm very interested in the order of pam_setcred and pam_close_session
there, because it's rather inconvenient to me.  It results in my
Kerberos credentials being deleted before my script gets the chance to
clean up the session.  Is this intentional?  Is it specified somewhere
that it has to happen in this order?  Is there a workaround I could
manage somehow?

Thanks,
Aaron