Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#54915 - [pambase] add pam_keyinit support
Attached to Project:
Arch Linux
Opened by loqs (loqs) - Sunday, 23 July 2017, 22:04 GMT
Last edited by Christian Hesse (eworm) - Friday, 06 October 2017, 13:02 GMT
Opened by loqs (loqs) - Sunday, 23 July 2017, 22:04 GMT
Last edited by Christian Hesse (eworm) - Friday, 06 October 2017, 13:02 GMT
|
DetailsDescription:
The pam_keyinit PAM module ensures that the invoking process has a session keyring other than the user default session keyring. http://www.linux-pam.org/Linux-PAM-html/sag-pam_keyinit.html Adding pam_keyinit support would allow the reverts used for It is already used by some debian services https://sources.debian.net/src/gdm3/3.22.3-4/debian/gdm3.gdm-password.pam/ and by fedora but without the force option which would be required for the reverts for https://src.fedoraproject.org/cgit/rpms/pam.git/tree/system-auth.pamd 
system-auth
(0.5 KiB)
|
This task depends upon
Closed by Christian Hesse (eworm)
Friday, 06 October 2017, 13:02 GMT
Reason for closing: Implemented
Additional comments about closing: pambase 20171006-1
Friday, 06 October 2017, 13:02 GMT
Reason for closing: Implemented
Additional comments about closing: pambase 20171006-1
"This module should not, generally, be invoked by programs like su, since it is usually desirable for the key set to percolate through to the alternate context. The keys have their own permissions system to manage this."
It's already included in /etc/pam.d/sddm config