Nicolas Williams wrote:
> So I think the question "how does [the screen lock program] support
> pam_setcred()?" just doesn't make much sense. The answer should be: "it
> calls pam_setcred(), but doing so has little or no impact on the
> unlocked session."

Except in the case of a module like pam_krb5.so or pam_dhkeys.so, because those update host-specific cred state for that user rather than process-specific cred state. In the pam_krb5 case, calling pam_setcred() in the screen saver updates your /tmp/krb5cc_<uid> cred cache. In the pam_dhkeys.so case, pam_setcred() updates your keylogin status in keyserv(1M). What pam_unix_cred.so does, on the other hand, is specific to the process because it updates process privilege sets and audit context.

--
Darren J Moffat
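
The distinction drawn in the message above, as an added illustration that is not part of the original message and makes no PAM calls: a child process stands in for the screen locker, a temporary file stands in for a per-user cred cache such as /tmp/krb5cc_<uid>, and the umask stands in for per-process state such as privilege sets. The function name, struct and file name are assumptions made for this sketch.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

struct outcome {
    int cache_refreshed;   /* session sees the locker's per-user update */
    int session_mask_kept; /* session's own process state is untouched  */
};

/* Parent = already-running session; child = screen locker "setting creds". */
int simulate_unlock(struct outcome *out)
{
    char path[] = "/tmp/cred_scope_demo.XXXXXX"; /* constructed stand-in cache */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    if (write(fd, "stale", 5) != 5) { close(fd); unlink(path); return -1; }
    mode_t saved = umask(022);                   /* session's process attribute */

    pid_t pid = fork();
    if (pid == 0) {
        /* Per-user state: lives outside the process, so the session sees it. */
        int c = open(path, O_WRONLY | O_TRUNC);
        if (c < 0 || write(c, "fresh", 5) != 5) _exit(1);
        /* Per-process state: changes only the locker and dies with it. */
        umask(077);
        _exit(0);
    }
    int status = 0, rc = -1;
    if (pid > 0 && waitpid(pid, &status, 0) == pid &&
        WIFEXITED(status) && WEXITSTATUS(status) == 0) {
        char buf[8] = {0};
        if (lseek(fd, 0, SEEK_SET) == 0 && read(fd, buf, sizeof buf - 1) == 5) {
            out->cache_refreshed = strcmp(buf, "fresh") == 0;
            rc = 0;
        }
    }
    /* umask() returns the mask in force; 022 means the child's 077 never leaked. */
    out->session_mask_kept = (umask(saved) == 022);
    close(fd);
    unlink(path);
    return rc;
}

int main(void)
{
    struct outcome o = {0, 0};
    if (simulate_unlock(&o) != 0) return 1;
    printf("cache refreshed: %d, session mask kept: %d\n",
           o.cache_refreshed, o.session_mask_kept);
    return 0;
}
```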