- (dtucker) [auth-pam.c] Bug #1534: move the deletion of PAM credentials on
logout to after the session close. Patch from Anicka Bernathova, ok djm.
diff --git a/auth-pam.c b/auth-pam.c
index ccdb993..675006e 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -602,16 +602,16 @@
return;
debug("PAM: cleanup");
pam_set_item(sshpam_handle, PAM_CONV, (const void *)&null_conv);
- if (sshpam_cred_established) {
- debug("PAM: deleting credentials");
- pam_setcred(sshpam_handle, PAM_DELETE_CRED);
- sshpam_cred_established = 0;
- }
if (sshpam_session_open) {
debug("PAM: closing session");
pam_close_session(sshpam_handle, PAM_SILENT);
sshpam_session_open = 0;
}
+ if (sshpam_cred_established) {
+ debug("PAM: deleting credentials");
+ pam_setcred(sshpam_handle, PAM_DELETE_CRED);
+ sshpam_cred_established = 0;
+ }
sshpam_authenticated = 0;
pam_end(sshpam_handle, sshpam_err);
sshpam_handle = NULL;