You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Since many PAM applications execute pam_setcred before pam_open_session, the session keyring is not available when it is needed.
For example: if we use pam_krb5 with credential cache of the form KEYRING:session:some_name and login using gdm3, the credential cache will not be available to the user session (pam_krb5 fills in the credential cache during in whichever of the previously mentioned functions gets called first).
I propose to add an auth module to pam_keyinit, with a pam_sm_setcred function identical to pam_sm_open_session.
The text was updated successfully, but these errors were encountered:
Since many PAM applications execute pam_setcred before pam_open_session, the session keyring is not available when it is needed.
For example: if we use pam_krb5 with credential cache of the form KEYRING:session:some_name and login using gdm3, the credential cache will not be available to the user session (pam_krb5 fills in the credential cache during in whichever of the previously mentioned functions gets called first).
I propose to add an auth module to pam_keyinit, with a pam_sm_setcred function identical to pam_sm_open_session.
The text was updated successfully, but these errors were encountered: