refresh pam credentials on successful authentication

author: James Cassidy <qfire-vc@qfire.net> 2015-03-26 09:26:48 -0400
committer: James Cassidy <qfire-vc@qfire.net> 2015-03-26 09:26:48 -0400
commit: aaad9c0e7ac5fb39e42948ce876abcd3633a7f9b (patch)
tree: fd4d5322303ab99757bf5915893cfacbdf352cdc /i3lock.c
parent: de152b1f29c0a0c2214be0f6a521860be8bc6652 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/i3lock.c b/i3lock.c
index 69a1377..d971f0d 100644
--- a/i3lock.c
+++ b/i3lock.c
@@ -263,6 +263,14 @@ static void input_done(void) {
         /* Turn the screen on, as it may have been turned off
          * on release of the 'enter' key. */
         turn_monitors_on();
+
+        /* PAM credentials should be refreshed, this will for example update any kerberos tickets.
+         * Related to credentials pam_end() needs to be called to cleanup any temporary
+         * credentials like kerberos /tmp/krb5cc_pam_* files which may of been left behind if the
+         * refresh of the credentials failed. */
+        pam_setcred(pam_handle, PAM_REFRESH_CRED);
+        pam_end(pam_handle, PAM_SUCCESS);
+
         exit(0);
     }
author	James Cassidy <qfire-vc@qfire.net>	2015-03-26 09:26:48 -0400
committer	James Cassidy <qfire-vc@qfire.net>	2015-03-26 09:26:48 -0400
commit	aaad9c0e7ac5fb39e42948ce876abcd3633a7f9b (patch)
tree	fd4d5322303ab99757bf5915893cfacbdf352cdc /i3lock.c
parent	de152b1f29c0a0c2214be0f6a521860be8bc6652 (diff)