Bug#867311: Enviroment variables
John Hughes
john.hughes at calva.com
Thu Jul 13 10:12:51 UTC 2017
The problem is that on gdm3 3.22 when we get to
"pam_setcred(PAM_REINITIALIZE_CRED)" we have not set the KRB5CCNAME
environment variable.
The pam-krb5 readme
(https://www.eyrie.org/~eagle/software/pam-krb5/readme.html) says:
> The normal sequence of events when refreshing a ticket cache (such as
> inside a screensaver) is:
>
> pam_authenticate
> pam_setcred(PAM_REINITIALIZE_CRED)
> pam_acct_mgmt
>
> (PAM_REFRESH_CRED may be used instead.) Authentication proceeds as
> above. At the pam_setcred stage, rather than creating a new ticket
> cache, the module instead finds the current ticket cache (from the
> KRB5CCNAME environment variable or the default ticket cache location
> from the Kerberos library) and then reinitializes it with the
> credentials from the temporary pam_authenticate ticket cache. When
> refreshing a ticket cache, the application should *not* open a
> session. Calling pam_acct_mgmt is optional; pam-krb5 doesn't do
> anything different when it's called in this case.
>
So it won't work if we don't set the KRB5CCNAME environment variable.
But when? Should we special case this one or set all PAM environment
variables?
--
John Hughes, CalvaEDI S.A.S. -- An Esker Company
<john.hughes at calva.com>
+33 1 4313 3131
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20170713/733baa94/attachment.html>
More information about the pkg-gnome-maintainers
mailing list