From aaad9c0e7ac5fb39e42948ce876abcd3633a7f9b Mon Sep 17 00:00:00 2001 From: James Cassidy Date: Thu, 26 Mar 2015 09:26:48 -0400 Subject: [PATCH] refresh pam credentials on successful authentication --- i3lock.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/i3lock.c b/i3lock.c index 69a1377..d971f0d 100644 --- a/i3lock.c +++ b/i3lock.c @@ -263,6 +263,14 @@ static void input_done(void) { /* Turn the screen on, as it may have been turned off * on release of the 'enter' key. */ turn_monitors_on(); + + /* PAM credentials should be refreshed, this will for example update any kerberos tickets. + * Related to credentials pam_end() needs to be called to cleanup any temporary + * credentials like kerberos /tmp/krb5cc_pam_* files which may of been left behind if the + * refresh of the credentials failed. */ + pam_setcred(pam_handle, PAM_REFRESH_CRED); + pam_end(pam_handle, PAM_SUCCESS); + exit(0); }