[Bug 1336663] Re: lightdm uses wrong ccache name on pam_krb5 credentials refresh
Steve Langasek
steve.langasek at canonical.com
Tue Jul 8 19:43:46 UTC 2014
Yes. This bug probably means that lightdm is not associating the login
session's environment with the pam handle for the unlock action. It
looks like lightdm correctly copies the contents of the pam env
(pam_getenvlist) to the session environment (judging by the $KRB5CCNAME
that I have in my environment here), but evidently it doesn't save this
information for later use for the unlock screen, which it needs to do.
A valid way to do this would be to keep the pam handle open for the
duration of the login session, and reference it for any unlock actions.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libpam-krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1336663
Title:
lightdm uses wrong ccache name on pam_krb5 credentials refresh
Status in Light Display Manager:
Triaged
Status in “libpam-krb5” package in Ubuntu:
New
Status in “lightdm” package in Ubuntu:
Triaged
Bug description:
As already noted by Brian Knoll in https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1296276/comments/24
lightdm 1.10.1-0ubuntu1 uses an inappropriate credentials cache, /tmp/krb5cc_0, when refreshing Kerberos credentials on screen unlock.
I couldn't find the new bug Robert Ancell called for in
https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1296276/comments/27
so I'm opening one now.
To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/1336663/+subscriptions
More information about the foundations-bugs
mailing list