Yes. This bug probably means that lightdm is not associating the login session's environment with the pam handle for the unlock action. It looks like lightdm correctly copies the contents of the pam env (pam_getenvlist) to the session environment (judging by the $KRB5CCNAME that I have in my environment here), but evidently it doesn't save this information for later use for the unlock screen, which it needs to do.
A valid way to do this would be to keep the pam handle open for the duration of the login session, and reference it for any unlock actions. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to lightdm in Ubuntu. https://bugs.launchpad.net/bugs/1336663 Title: lightdm uses wrong ccache name on pam_krb5 credentials refresh Status in Light Display Manager: Triaged Status in “libpam-krb5” package in Ubuntu: New Status in “lightdm” package in Ubuntu: Triaged Bug description: As already noted by Brian Knoll in https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1296276/comments/24 lightdm 1.10.1-0ubuntu1 uses an inappropriate credentials cache, /tmp/krb5cc_0, when refreshing Kerberos credentials on screen unlock. I couldn't find the new bug Robert Ancell called for in https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1296276/comments/27 so I'm opening one now. To manage notifications about this bug go to: https://bugs.launchpad.net/lightdm/+bug/1336663/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
