refresh pam credentials on successful authentication

author James Cassidy <qfire-vc@qfire.net>

Thu, 26 Mar 2015 13:26:48 +0000 (09:26 -0400)

committer James Cassidy <qfire-vc@qfire.net>

Thu, 26 Mar 2015 13:26:48 +0000 (09:26 -0400)
author James Cassidy <qfire-vc@qfire.net>
Thu, 26 Mar 2015 13:26:48 +0000 (09:26 -0400)
committer James Cassidy <qfire-vc@qfire.net>
Thu, 26 Mar 2015 13:26:48 +0000 (09:26 -0400)
diff --git a/i3lock.c b/i3lock.c

index 69a1377569d52ba5964a5e6716b0b6fe87675924..d971f0d2432486c6b289a0041c670444d68c1468 100644 (file)
--- a/i3lock.c
+++ b/i3lock.c
@@ -263,6 +263,14 @@ static void input_done(void) {
          /* Turn the screen on, as it may have been turned off
           * on release of the 'enter' key. */
          turn_monitors_on();
+
+        /* PAM credentials should be refreshed, this will for example update any kerberos tickets.
+         * Related to credentials pam_end() needs to be called to cleanup any temporary
+         * credentials like kerberos /tmp/krb5cc_pam_* files which may of been left behind if the
+         * refresh of the credentials failed. */
+        pam_setcred(pam_handle, PAM_REFRESH_CRED);
+        pam_end(pam_handle, PAM_SUCCESS);
+
          exit(0);
      }
author	James Cassidy <qfire-vc@qfire.net>
	Thu, 26 Mar 2015 13:26:48 +0000 (09:26 -0400)
committer	James Cassidy <qfire-vc@qfire.net>
	Thu, 26 Mar 2015 13:26:48 +0000 (09:26 -0400)