http://bugzilla.opensuse.org/show_bug.cgi?id=1081947 Bug ID: 1081947 Summary: PAM module pam_keyinit is still not included in the PAM stack Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: bnc-team-screening@forge.provo.novell.com Reporter: fbui@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Bug #1045886 revealed the lack of the integration of the PAM module "pam_keyinit". The pam_keyinit PAM module ensures that the invoking process has a session keyring other than the user default session keyring. The created session keyring will be linked to the user keyring. Even if it currently works without the integration of "pam_keyinit", in this case the user session keyring is used as fallback, it's strongly recommended to use a session-keyring instead especially for root user, see man user-session-keyring(7). That would also has the benefit to re-enable the keyring support in systemd where each system service gets its own session keyring automatically not linked with the user-keyring (the root one). pam-config gained support for the configuration of pam_keyinit recently [1] but it's still not used and therefore pam_keyinit is still not integrated in the PAM stack. [1] https://build.opensuse.org/request/show/565816 -- You are receiving this mail because: You are on the CC list for the bug.