[gdm-list] pam_setcred and session unlocking

From: "William Jon McCann" <mccann jhu edu>
To: gdm-list gnome org
Subject: [gdm-list] pam_setcred and session unlocking
Date: Mon, 5 Nov 2007 16:30:16 -0500

Hi,

I'm about to add support for unlocking and switching to an existing
session.  The way this works in 2.20 is that we authentication the
user as usual and then if an existing session is detected we ask
ConsoleKit to emit Unlock on that session and then we switch to the
appropriate VT.

One problem with this is that we didn't call pam_setcred with
PAM_REINITIALIZE_CRED or PAM_REFRESH_CRED.

So for trunk, do we think it is better to refresh the credentials for
the existing session in GDM or perhaps to make gnome-screensaver do it
in response the to Unlock signal from ConsoleKit?

One possible advantage to doing it in gnome-screensaver is that we
ensure that the pam modules pick up the correct environment (for
things like krb cache files etc).

One possible advantages to doing it in GDM is that it will work for
any type of session.

Thoughts?

Jon

Follow-Ups:
- Re: [gdm-list] pam_setcred and session unlocking
  - From: Frederic Crozat
- Re: [gdm-list] pam_setcred and session unlocking
  - From: Ray Strode

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]